CVE-2026-45247

⚠ KEV

Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

Added to CISA KEV: 6/3/2026

Description

Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.

Affected packages (0)

No package mapping in OSV.