Executive Summary
CISA added CVE-2026-45247 to the Known Exploited Vulnerabilities catalog on 2026-06-03, with a federal remediation due date of 2026-06-24 [cisa.gov opens in a new tab]. The affected component is Mirasvit Cache Warmer for Magento 2, a Magento / Adobe Commerce extension commonly deployed on ecommerce sites.
This post is scoped as an exploited-vulnerability response item rather than a confirmed package-publish compromise. The supply-chain relevance is operational: a third-party Magento module running inside an ecommerce application can become the exploited boundary for admin abuse, web-tier persistence, order-data exposure, payment-flow modification, or credential theft. Operators should verify whether mirasvit/module-cache-warmer is installed and update to 1.11.12 or later where the module is present [nvd.nist.gov opens in a new tab] [packagist.org opens in a new tab].