Description
PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.
Published: 2026-03-26
Score: 2 Low
EPSS: n/a
KEV: No
Impact: Limited validation flaw with low security impact
Action: Apply Patch
AI Analysis

Impact

PrestaShop versions older than 8.2.5 and 9.1.0 contain a flaw in the way the validation framework is used. The improper handling of input could allow malicious data to bypass normal checks, potentially leading to data integrity problems or accidental exposure of information. The CVSS score of 2 indicates that the overall impact is considered low and no confirmed exploitation cases are reported.

Affected Systems

The affected product is PrestaShop, the open‑source e‑commerce platform. All releases prior to 8.2.5 in the 8.x series and prior to 9.1.0 in the 9.x series are vulnerable. The vendor has released 8.2.5 and 9.1.0 with the required fix, so any installation running an older version of either major release is potentially impacted.

Risk and Exploitability

With a CVSS score of 2 the risk is rated low. EPSS data is not available and the flaw is not listed in the CISA KEV catalog, suggesting that it is not a high‑visibility target. Based on the description, the likely attack vector is remote, involving specially crafted requests sent to the web application. No known workarounds exist, and exploiting the flaw would require input that can reach the validation stage of the processing pipeline.

Generated by OpenCVE AI on March 26, 2026 at 23:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Determine the exact PrestaShop version in use
  • If running a version older than 8.2.5 or 9.1.0, upgrade to a patched release (8.2.5 or later, 9.1.0 or later)
  • Verify that the upgrade succeeded and all storefront pages function as expected

Advisories
Source: Github GHSA
ID: GHSA-283w-xf3q-788v
Title: PrestaShop: Improper Use of Validation Framework

History

Fri, 27 Mar 2026 08:45:00 +0000

Type: First Time appeared
Values Added: Prestashop; Prestashop prestashop

Type: Vendors & Products
Values Added: Prestashop; Prestashop prestashop

Thu, 26 Mar 2026 22:00:00 +0000

Type: Description
Values Added: PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available.

Type: Title
Values Added: PrestaShop: Improper Use of Validation Framework

Type: Weaknesses
Values Added: CWE-1173

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-26T21:42:33.590Z

Reserved: 2026-03-23T16:34:59.930Z

Link: CVE-2026-33674

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-26T22:16:30.717

Modified: 2026-03-26T22:16:30.717

Link: CVE-2026-33674

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:23:04Z

Weaknesses