CISA Adds Critical Magento Security Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical security vulnerability in the popular Magento extension Mirasvit Cache Warmer to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday. This decision follows reports of active exploitation of the vulnerability. The vulnerability is tracked as CVE-2026-45247 and has a CVSS score of 9.8, which places it in the critical severity range. It results from the deserialization of untrusted data, allowing attackers to execute malicious code.
This type of security flaw is particularly dangerous as it enables attackers to take control of affected systems. CISA has identified the affected systems as particularly vulnerable, underscoring the urgency of the issue. Affected companies and developers are strongly urged to review their systems and implement appropriate security updates. CISA has published specific instructions to minimize risks and protect systems. The release of this information aims to improve the security landscape in the e-commerce sector.
The Magento platform is used by numerous online retailers worldwide, significantly increasing the potential impact of this vulnerability. According to estimates, over 250,000 online stores use Magento, amplifying the urgency of security measures. CISA has already indicated active attacks on systems using this extension. The Mirasvit Cache Warmer extension is known for optimizing website loading times, making it attractive for many online store operators. The combination of high popularity and a critical security vulnerability makes this situation particularly concerning.
Security researchers warn that exploiting this vulnerability could lead to significant financial losses. CISA has emphasized that a swift response to such vulnerabilities is crucial to ensure the integrity of online platforms. Companies should not only install the latest security updates but also review and adjust their security policies. The agency recommends conducting regular security audits to identify potential vulnerabilities early. In addition to CISA, other security organizations and experts have highlighted the urgency of the issue.
Reports of successful attacks exploiting this vulnerability have already led to an increase in security alerts. Companies using Magento should be aware of the risks and take proactive measures. CISA plans to provide further information and updates regarding this vulnerability to assist affected companies. The agency has also published a list of recommended actions that companies should implement to protect their systems. These measures include reviewing user permissions and implementing intrusion detection systems.
The vulnerability CVE-2026-45247 exemplifies the challenges companies face in the digital landscape. The continuous evolution of technologies and the increasing complexity of software solutions require a high level of vigilance and adaptability. CISA will continue to monitor developments regarding this vulnerability and issue appropriate recommendations. The vulnerability was discovered on June 1, 2026, and has since drawn the attention of security researchers and companies. CISA has already taken steps to promote the dissemination of information about this vulnerability and support affected companies.