CVE-2026-33674
Received Received - Intake
Improper Validation in PrestaShop Before 8.2.5 and

Publication date: 2026-03-26

Last updated on: 2026-04-01

Assigner: GitHub, Inc.

Description
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-04-01
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33674
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
prestashop prestashop to 8.2.5 (exc)
prestashop prestashop From 9.0.0 (inc) to 9.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1173 The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects PrestaShop, an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework, which could lead to issues in how data is validated within the application. Versions 8.2.5 and 9.1.0 include a fix for this problem. There are no known workarounds available.

Impact Analysis

The vulnerability has a CVSS base score of 2.0, indicating a low severity. It requires network access with high attack complexity, high privileges, and user interaction. The impact is limited to a low integrity impact, with no confidentiality or availability impact. This means an attacker with the necessary privileges and user interaction could potentially cause minor unauthorized changes, but it is unlikely to result in data loss or service disruption.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade PrestaShop to version 8.2.5 or 9.1.0, as these versions contain the fix for the issue.

No known workarounds are available, so applying the official fix by updating is the recommended immediate step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33674. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart