AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesJune 2, 2026CVE-2026-45247

Summary

Mirasvit Full Page Cache Warmer contains a deserialization vulnerability (a flaw where untrusted data is converted back into executable code), allowing attackers without authentication to run arbitrary commands on affected systems by sending a malicious serialized PHP object (a packaged piece of code) through the CacheWarmer cookie. This vulnerability is currently being exploited in active attacks.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See vendor changelog at https://mirasvit.com/package/changelog/?package=mirasvit/module-cache-warmer for available patches.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.1%

Patch Available

Yes

Exploit Maturity

🔥 Actively Exploited

Disclosure Date

June 2, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-502

CAPEC (Attack Pattern)

CAPEC-586

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-45247

First tracked: June 3, 2026 at 02:00 PM

Classified by LLM (prompt v3) · confidence: 95%