CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of

Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability. Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie.

• CISA KEV-listed (remediation due 2026-06-06)
• EPSS 6.1% (91.0% percentile)

Browse the CVE database

Read the full analysis on IntelFusions