CVE-2026-33674

LOW

PrestaShop: Improper Use of Validation Framework

Title source: cna

Description

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.

References (3)

[X_Refsource_Confirm] https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v

[X_Refsource_Misc] https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5

[X_Refsource_Misc] https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0

Scores

CVSS v3 2.0

EPSS 0.0009

EPSS Percentile 26.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-1173

Status published

Products (4)

prestashop/prestashop < 8.2.5

prestashop/prestashop 0 - 8.2.5Packagist

PrestaShop/PrestaShop < 8.2.5

PrestaShop/PrestaShop >= 9.0.0-alpha.1, < 9.1.0

Published Mar 26, 2026

Tracked Since Mar 27, 2026