Vulnerability in PrestaShop Affects Open Source E-Commerce Platform
CVE-2026-33674

2LOW

Key Information:

Vendor

Prestashop

Status
Prestashop
Vendor
CVE Published:
26 March 2026

What is CVE-2026-33674?

PrestaShop, a widely-used open-source e-commerce platform, is affected by a vulnerability in its validation framework. Versions prior to 8.2.5 and 9.1.0 contain flaws that could lead to security risks, as the improper utilization of the framework allows for potential input manipulation. Users are advised to upgrade to versions 8.2.5 or 9.1.0, which contain essential patches addressing this issue. It is important to note that no known workarounds exist for these vulnerabilities.

Affected Version(s)

PrestaShop < 8.2.5 < 8.2.5

PrestaShop >= 9.0.0-alpha.1, < 9.1.0 < 9.0.0-alpha.1, 9.1.0

References

https://github.com/PrestaShop/PrestaShop/security/advisor...
x_refsource_CONFIRM
https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5
x_refsource_MISC
https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0
x_refsource_MISC

CVSS V3.1

Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.