Magento exploitation wave for CVE-2026-45247
Exploitation Wave
Summary
Hide ▲
Show ▼
Active exploitation of CVE-2026-45247 is hitting Mirasvit Cache Warmer on Magento stores, with malicious requests carrying serialized PHP payloads that can lead to remote code execution. The wave has primarily targeted gaming and business sites and has been seen across the U.S., U.K., France, and Australia. Imperva reported that attackers are using the CacheWarmer cookie to deliver payloads and test whether code execution succeeds. CISA added the flaw to the KEV catalog, and unpatched versions prior to 1.11.12 remain exposed.
Cases
Related Happenings
Joomla iCagenda and Balbooa Forms active RCE exploitation wave
Exploitation Wave
H score42
First: 13.07.2026 18:20
Last: 13.07.2026 18:20
Sources 1
About this happening:
Joomla sites were hit by an active exploitation wave against iCagenda and Balbooa Forms upload flaws, enabling remote code execution and full website takeover....
Joomla iCagenda and Balbooa Forms active RCE exploitation wave
Exploitation WaveAbout this happening: Joomla sites were hit by an active exploitation wave against iCagenda and Balbooa Forms upload flaws, enabling remote code execution and full website takeover....
Mirasvit Cache Warmer RCE (CVE-2026-45247)
Vulnerability
H score9
First: 04.06.2026 10:19
Last: 04.06.2026 10:19
Sources 1
How related:
"Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie,"
About this happening:
CVE-2026-45247 is a critical deserialization of untrusted data flaw in Mirasvit Cache Warmer that enables unauthenticated remote code execution on affected Magento...
Mirasvit Cache Warmer RCE (CVE-2026-45247)
VulnerabilityHow related: "Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie,"
About this happening: CVE-2026-45247 is a critical deserialization of untrusted data flaw in Mirasvit Cache Warmer that enables unauthenticated remote code execution on affected Magento...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation Wave
H score18
First: 01.06.2026 11:30
Last: 01.06.2026 11:30
Sources 1
About this happening:
A CVE-2026-0257 exploitation wave is hitting Palo Alto Networks PAN-OS GlobalProtect appliances, creating unauthorized VPN access risk for multiple customers. Ra...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation WaveAbout this happening: A CVE-2026-0257 exploitation wave is hitting Palo Alto Networks PAN-OS GlobalProtect appliances, creating unauthorized VPN access risk for multiple customers. Ra...
Apex One on-premises server directory traversal zero-day (CVE-2026-34926)
Vulnerability
H score53
First: 22.05.2026 16:39
Last: 22.05.2026 16:39
Sources 1
About this happening:
CVE-2026-34926 is a Trend Micro Apex One on-premises directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected agents...
Apex One on-premises server directory traversal zero-day (CVE-2026-34926)
VulnerabilityAbout this happening: CVE-2026-34926 is a Trend Micro Apex One on-premises directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected agents...
Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)
Vulnerability
H score44
First: 22.05.2026 08:47
Last: 22.05.2026 08:47
Sources 1
About this happening:
CISA added CVE-2025-34291 in Langflow and CVE-2026-34926 in Trend Micro Apex One to the KEV catalog after evidence of active exploitation. The Langflow...
Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: CISA added CVE-2025-34291 in Langflow and CVE-2026-34926 in Trend Micro Apex One to the KEV catalog after evidence of active exploitation. The Langflow...
Timeline
-
04.06.2026 10:19 1 articles · 1mo ago
Mirasvit releases patches for CVE-2026-45247
Mitigation Patch UpdateMirasvit released fixes on May 25, 2026 for Mirasvit Cache Warmer versions prior to 1.11.12 after CVE-2026-45247 was identified as a deserialization of untrusted data issue that could lead to remote code execution on an affected Magento server.
Show sources
- CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog — thehackernews.com — 04.06.2026 10:19
-
04.06.2026 10:19 1 articles · 1mo ago
CISA adds Mirasvit Cache Warmer flaw CVE-2026-45247 to KEV catalog
Legal Policy Action UpdateCISA added CVE-2026-45247 affecting Mirasvit Cache Warmer on Magento to the Known Exploited Vulnerabilities catalog after reports of active exploitation, and Federal Civilian Executive Branch agencies were ordered to apply the fixes by June 6, 2026.
Show sources
- CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog — thehackernews.com — 04.06.2026 10:19
-
04.06.2026 10:19 2 articles · 1mo ago
Imperva observes serialized PHP object payloads targeting vulnerable Magento stores
Exploitation ObservedImperva observed active attack activity against vulnerable Magento storefronts using malicious HTTP requests that carried serialized PHP object payloads in the CacheWarmer cookie; the observed payloads were base64-encoded objects designed to trigger PHP object deserialization and execute commands such as system() and current(), with gaming and business sites in the U.S., the U.K., France, and Australia among the primary targets.
Show sources
- CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog — thehackernews.com — 04.06.2026 10:19
- CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog — thehackernews.com — 04.06.2026 10:19