CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted

The article reports that CISA has added a critical, actively exploited Magento extension vulnerability (CVE-2026-45247) in the Mirasvit Cache Warmer plugin to its Known Exploited Vulnerabilities catalog, highlighting a deserialization flaw that enables remote code execution and full compromise of affected e-commerce sites.[1][2] This is a third-party component issue in the broader software supply chain rather than an AI-specific flaw. From a CyberSE.AI perspective, it underscores how dependencies and plugins in underlying application stacks (like Magento) can silently expose AI workloads or agents that rely on those platforms for data, payments, or user context. Organizations integrating AI agents with e-commerce or CMS platforms should treat such plugins as part of their AI supply chain, track them in SBOMs, and ensure timely patching and isolation to prevent lateral movement into AI systems.