CVE-2026-33674 LOW

CVE-2026-33674: PrestaShop: Improper Use of Validation Framework

Vendor Prestashop
Product PrestaShop
Weakness CWE-1173
Published March 26, 2026
Last update March 30, 2026

CVSS base score

2.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.

Key dates

02Disclosure timeline

March 26, 2026 CVE published
March 30, 2026 Record updated