Skip to main content

CVE-2026-33674

LOW
Improper Use of Validation Framework (CWE-1173)
2026-03-25 https://github.com/PrestaShop/PrestaShop
2.0
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
2.0 LOW
AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 25, 2026 - 19:47 vuln.today
CVE Published
Mar 25, 2026 - 19:40 nvd
LOW 2.0

DescriptionGitHub Advisory

Impact

Fix improper use of validation framework

Patches

Patched in 8.2.5 and 9.1.0

Workarounds

None

References

none

AnalysisAI

PrestaShop versions prior to 8.2.5 and 9.1.0 contain an improper use of validation framework vulnerability that allows information disclosure through integrity violations. An attacker with high privileges and user interaction can potentially bypass validation controls to access or modify sensitive information. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment Despite the CVSS score of 2.0, this vulnerability presents minimal real-world risk when analyzed holistically. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with administrative or high-privilege access could potentially manipulate validation framework logic through carefully crafted requests combined with user interaction to bypass integrity checks and modify specific data fields or integrity constraints within the PrestaShop application. However, the requirement for high privileges, elevated attack complexity, and user interaction makes this a low-probability attack scenario in practice, likely exploitable only in insider threat scenarios or compromised administrative accounts rather than external attacks.
Remediation Upgrade PrestaShop to version 8.2.5 or later for the 8.x branch, or to version 9.1.0 or later for the 9.x branch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

During next maintenance window: Apply vendor patches when convenient. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-33674 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy