A PHP object injection in Mirasvit Cache Warmer (CVE-2026-45247) enables unauthenticated remote code execution on Magento 2 and Adobe Commerce systems and is already being actively exploited.
CISA confirms active exploitation of the remote code execution vulnerability CVE-2026-45247 in the Magento cache extension and calls on federal agencies to remediate it.