CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

2026-06-04

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

CISA added CVE-2026-45247, a critical PHP deserialization vulnerability in Mirasvit Cache Warmer for Magento, to its Known Exploited Vulnerabilities catalog.

•CVSS 9.8 allows unauthenticated RCE through malicious CacheWarmer cookies containing serialized PHP objects
•Affects versions prior to 1.11.12; patches released May 25, 2026
•Enables RCE via PHP object injection and gadget chains
•Active attacks target gaming and business sites in U.S., U.K., France, Australia; detect by base64 markers Tz, Qz, YT in cookies

This summary was automatically generated by AI based on the original article and may not be fully accurate.

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues