CVE-2026-33674
Received Received - Intake

Improper Validation in PrestaShop Before 8.2.5 and

Vulnerability report for CVE-2026-33674, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-26

Last updated on: 2026-04-01

Assigner: GitHub, Inc.

Description

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-26
Last Modified
2026-04-01
Generated
2026-07-06
AI Q&A
2026-03-27
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
prestashop prestashop to 8.2.5 (exc)
prestashop prestashop From 9.0.0 (inc) to 9.1.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1173 The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects PrestaShop, an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework, which could lead to issues in how data is validated within the application. Versions 8.2.5 and 9.1.0 include a fix for this problem. There are no known workarounds available.

Impact Analysis

The vulnerability has a CVSS base score of 2.0, indicating a low severity. It requires network access with high attack complexity, high privileges, and user interaction. The impact is limited to a low integrity impact, with no confidentiality or availability impact. This means an attacker with the necessary privileges and user interaction could potentially cause minor unauthorized changes, but it is unlikely to result in data loss or service disruption.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade PrestaShop to version 8.2.5 or 9.1.0, as these versions contain the fix for the issue.

No known workarounds are available, so applying the official fix by updating is the recommended immediate step.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33674. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart