CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA has added CVE-2026-45247, a deserialization vulnerability in Mirasvit Full Page Cache Warmer, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition, based on evidence of active exploitation, highlights a significant risk to federal agencies and is a call to action for all organizations to prioritize remediation.
IFF Assessment
The addition of a known exploited vulnerability to a government catalog indicates an active threat that defenders must address.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: June 06, 2026. Known ransomware use: Unknown.
Defender Context
Organizations should proactively monitor CISA's KEV Catalog for newly added vulnerabilities and prioritize patching to mitigate risks. The inclusion of this deserialization vulnerability underscores the ongoing threat posed by insecure deserialization practices in software.