Find notable cyber news and cases, enriched with sources, timelines, and signals.

Magento exploitation wave for CVE-2026-45247

Exploitation Wave
First reported
Last updated
Happening score
H score 9
1 unique sources, 1 articles

Summary

Hide ▲

Active exploitation of CVE-2026-45247 is hitting Mirasvit Cache Warmer on Magento stores, with malicious requests carrying serialized PHP payloads that can lead to remote code execution. The wave has primarily targeted gaming and business sites and has been seen across the U.S., U.K., France, and Australia. Imperva reported that attackers are using the CacheWarmer cookie to deliver payloads and test whether code execution succeeds. CISA added the flaw to the KEV catalog, and unpatched versions prior to 1.11.12 remain exposed.

Cases

Related Happenings

Joomla iCagenda and Balbooa Forms active RCE exploitation wave

Exploitation Wave
H score42 First: 13.07.2026 18:20 Last: 13.07.2026 18:20 Sources 1

About this happening: Joomla sites were hit by an active exploitation wave against iCagenda and Balbooa Forms upload flaws, enabling remote code execution and full website takeover....

Mirasvit Cache Warmer RCE (CVE-2026-45247)

Vulnerability
H score9 First: 04.06.2026 10:19 Last: 04.06.2026 10:19 Sources 1

How related: "Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie,"

About this happening: CVE-2026-45247 is a critical deserialization of untrusted data flaw in Mirasvit Cache Warmer that enables unauthenticated remote code execution on affected Magento...

PAN-OS GlobalProtect CVE-2026-0257 exploitation wave

Exploitation Wave
H score18 First: 01.06.2026 11:30 Last: 01.06.2026 11:30 Sources 1

About this happening: A CVE-2026-0257 exploitation wave is hitting Palo Alto Networks PAN-OS GlobalProtect appliances, creating unauthorized VPN access risk for multiple customers. Ra...

Apex One on-premises server directory traversal zero-day (CVE-2026-34926)

Vulnerability
H score53 First: 22.05.2026 16:39 Last: 22.05.2026 16:39 Sources 1

About this happening: CVE-2026-34926 is a Trend Micro Apex One on-premises directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected agents...

Langflow and Trend Micro Apex One exploited flaws (multiple vulnerabilities)

Vulnerability
H score44 First: 22.05.2026 08:47 Last: 22.05.2026 08:47 Sources 1

About this happening: CISA added CVE-2025-34291 in Langflow and CVE-2026-34926 in Trend Micro Apex One to the KEV catalog after evidence of active exploitation. The Langflow...

Timeline

  1. 04.06.2026 10:19 1 articles · 1mo ago

    Mirasvit releases patches for CVE-2026-45247

    Mitigation Patch Update

    Mirasvit released fixes on May 25, 2026 for Mirasvit Cache Warmer versions prior to 1.11.12 after CVE-2026-45247 was identified as a deserialization of untrusted data issue that could lead to remote code execution on an affected Magento server.

    Show sources
  2. 04.06.2026 10:19 1 articles · 1mo ago

    CISA adds Mirasvit Cache Warmer flaw CVE-2026-45247 to KEV catalog

    Legal Policy Action Update

    CISA added CVE-2026-45247 affecting Mirasvit Cache Warmer on Magento to the Known Exploited Vulnerabilities catalog after reports of active exploitation, and Federal Civilian Executive Branch agencies were ordered to apply the fixes by June 6, 2026.

    Show sources
  3. 04.06.2026 10:19 2 articles · 1mo ago

    Imperva observes serialized PHP object payloads targeting vulnerable Magento stores

    Exploitation Observed

    Imperva observed active attack activity against vulnerable Magento storefronts using malicious HTTP requests that carried serialized PHP object payloads in the CacheWarmer cookie; the observed payloads were base64-encoded objects designed to trigger PHP object deserialization and execute commands such as system() and current(), with gaming and business sites in the U.S., the U.K., France, and Australia among the primary targets.

    Show sources