Exposures › CVE-2026-45247
Mirasvit Full Page Cache Warmer allows unauthenticated remote code execution via crafted serialized PHP objects in the CacheWarmer cookie.
This vulnerability enables unauthenticated attackers to execute arbitrary code on Mirasvit systems by exploiting a deserialization flaw in the CacheWarmer cookie, posing a severe risk to FedRAMP vendors and DIB organizations relying on Mirasvit hardware. The active exploitation status and remote code execution capability make this a critical supply-chain threat requiring immediate vendor patching and system isolation.
Shame score — An unauthenticated RCE vulnerability in a widely deployed vendor product that is actively exploited in the wild represents a severe, avoidable supply-chain risk.
Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.
No correlated FedRAMP products.