COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-45247

CVE-2026-45247

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-06-03
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-45247
⚡ RCE ⌖ exploited in the wild shame 85/100 rceexploited-in-wildsupply-chainunpatched

Mirasvit Full Page Cache Warmer allows unauthenticated remote code execution via crafted serialized PHP objects in the CacheWarmer cookie.

This vulnerability enables unauthenticated attackers to execute arbitrary code on Mirasvit systems by exploiting a deserialization flaw in the CacheWarmer cookie, posing a severe risk to FedRAMP vendors and DIB organizations relying on Mirasvit hardware. The active exploitation status and remote code execution capability make this a critical supply-chain threat requiring immediate vendor patching and system isolation.

Shame score — An unauthenticated RCE vulnerability in a widely deployed vendor product that is actively exploited in the wild represents a severe, avoidable supply-chain risk.

Players implicated

Mirasvit · vendorMirasvit Full Page Cache Warmer · product

Description

Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.