CVE-2026-33674
Improper Validation in PrestaShop Before 8.2.5 and
Publication date: 2026-03-26
Last updated on: 2026-04-01
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| prestashop | prestashop | to 8.2.5 (exc) |
| prestashop | prestashop | From 9.0.0 (inc) to 9.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1173 | The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects PrestaShop, an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework, which could lead to issues in how data is validated within the application. Versions 8.2.5 and 9.1.0 include a fix for this problem. There are no known workarounds available.
How can this vulnerability impact me? :
The vulnerability has a CVSS base score of 2.0, indicating a low severity. It requires network access with high attack complexity, high privileges, and user interaction. The impact is limited to a low integrity impact, with no confidentiality or availability impact. This means an attacker with the necessary privileges and user interaction could potentially cause minor unauthorized changes, but it is unlikely to result in data loss or service disruption.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade PrestaShop to version 8.2.5 or 9.1.0, as these versions contain the fix for the issue.
No known workarounds are available, so applying the official fix by updating is the recommended immediate step.