Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Magento exploitation wave for CVE-2026-45247

Exploitation Wave
First reported
Last updated
Happening score
H score 61
1 unique sources, 1 articles

Summary

Hide ▲

Active exploitation of CVE-2026-45247 is hitting Mirasvit Cache Warmer on Magento stores, with malicious requests carrying serialized PHP payloads that can lead to remote code execution. The wave has primarily targeted gaming and business sites and has been seen across the U.S., U.K., France, and Australia. Imperva reported that attackers are using the CacheWarmer cookie to deliver payloads and test whether code execution succeeds. CISA added the flaw to the KEV catalog, and unpatched versions prior to 1.11.12 remain exposed.

Cases

Mirasvit Cache Warmer Exploitation on Magento Stores (2)

Related Happenings

Mirasvit Cache Warmer RCE (CVE-2026-45247)

Vulnerability
First: 04.06.2026 10:19 Last: 04.06.2026 10:19 Sources 1

How related: "Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie,"

About this happening: **CVE-2026-45247** is a critical **deserialization of untrusted data** flaw in **Mirasvit Cache Warmer** that enables **unauthenticated remote code execution** on affected Magento...

Open Happening

PAN-OS GlobalProtect CVE-2026-0257 exploitation wave

Exploitation Wave
First: 01.06.2026 11:30 Last: 01.06.2026 11:30 Sources 1

About this happening: A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...

Open Happening

Apex One on-premises server directory traversal zero-day (CVE-2026-34926)

Vulnerability
First: 22.05.2026 16:39 Last: 22.05.2026 16:39 Sources 1

About this happening: **CVE-2026-34926** is a **Trend Micro Apex One** **on-premises** directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected **agents...

Open Happening

Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)

Vulnerability
First: 22.05.2026 08:47 Last: 22.05.2026 08:47 Sources 1

About this happening: **CISA** added **CVE-2025-34291** in **Langflow** and **CVE-2026-34926** in **Trend Micro Apex One** to the **KEV catalog** after evidence of **active exploitation**. The Langflow...

Open Happening

Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)

Vulnerability
First: 14.05.2026 10:06 Last: 14.05.2026 10:06 Sources 1

About this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...

Latest development: 14.05.2026 16:00

Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.

Open Happening

Timeline

  1. 04.06.2026 10:19 1 articles · 2h ago

    Mirasvit releases patches for CVE-2026-45247

    Mitigation Patch Update

    Mirasvit released fixes on May 25, 2026 for Mirasvit Cache Warmer versions prior to 1.11.12 after CVE-2026-45247 was identified as a deserialization of untrusted data issue that could lead to remote code execution on an affected Magento server.

    Show sources
    Open in new tab
  2. 04.06.2026 10:19 1 articles · 2h ago

    CISA adds Mirasvit Cache Warmer flaw CVE-2026-45247 to KEV catalog

    Legal Policy Action Update

    CISA added CVE-2026-45247 affecting Mirasvit Cache Warmer on Magento to the Known Exploited Vulnerabilities catalog after reports of active exploitation, and Federal Civilian Executive Branch agencies were ordered to apply the fixes by June 6, 2026.

    Show sources
    Open in new tab
  3. 04.06.2026 10:19 2 articles · 2h ago

    Imperva observes serialized PHP object payloads targeting vulnerable Magento stores

    Exploitation Observed

    Imperva observed active attack activity against vulnerable Magento storefronts using malicious HTTP requests that carried serialized PHP object payloads in the CacheWarmer cookie; the observed payloads were base64-encoded objects designed to trigger PHP object deserialization and execute commands such as system() and current(), with gaming and business sites in the U.S., the U.K., France, and Australia among the primary targets.

    Show sources
    Open in new tab