PrestaShop <8.2.5/9.1.0 Validation Framework Vulnerability
CVE-2026-33674 Published on March 26, 2026

PrestaShop: Improper Use of Validation Framework
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.

NVD

Vulnerability Analysis

CVE-2026-33674 is exploitable with network access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
HIGH
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

Improper Use of Validation Framework

The application does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library. Many modern coding languages provide developers with input validation frameworks to make the task of input validation easier and less error-prone. These frameworks will automatically check all input against specified criteria and direct execution to error handlers when invalid input is received. The improper use (i.e., an incorrect implementation or missing altogether) of these frameworks is not directly exploitable, but can lead to an exploitable condition if proper input validation is not performed later in the application. Not using provided input validation frameworks can also hurt the maintainability of code as future developers may not recognize the downstream input validation being used in the place of the validation framework.


Products Associated with CVE-2026-33674

Want to know whenever a new CVE is published for PrestaShop? stack.watch will email you.

PrestaShop
 

Affected Versions

PrestaShop:

Exploit Probability

EPSS
0.13%
Percentile
32.31%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.