Input Validation Flaw in PrestaShop Affects Data Security
CVE-2026-14846

4.5MEDIUM

Key Information:

Vendor

Prestashop

Vendor
CVE Published:
13 July 2026

What is CVE-2026-14846?

In PrestaShop version 8.2.1, an improper input validation vulnerability exists due to inadequate sanitization of the 'Alias' parameter within the 'Update your address' function. This flaw can lead to the execution of malicious code when using the 'Get my data in CSV' tool, potentially exposing sensitive personal data of users. Attackers could exploit this weakness to gain unauthorized access to personal information, thereby compromising user privacy and data integrity.

Affected Version(s)

The firmware 8.2.1

References

CVSS V4

Score:
4.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.