CVE-2026-45247 is a CVSS 9.8, CISA KEV-listed unauthenticated RCE vulnerability in the Mirasvit Full Page Cache Warmer extension for Magento 2, exploitable by passing a crafted serialized PHP object in the CacheWarmer cookie with no credentials or user interaction required. Active exploitation is confirmed by CISA KEV listing. Any internet-facing Magento 2 storefront running Cache Warmer versions before 1.11.12 should be considered at active risk of server compromise, payment skimming implant deployment, and customer data theft.