CVE-2026-33674
LOWSeverity by source
AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Impact
Fix improper use of validation framework
Patches
Patched in 8.2.5 and 9.1.0
Workarounds
None
References
none
AnalysisAI
PrestaShop versions prior to 8.2.5 and 9.1.0 contain an improper use of validation framework vulnerability that allows information disclosure through integrity violations. An attacker with high privileges and user interaction can potentially bypass validation controls to access or modify sensitive information. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | Despite the CVSS score of 2.0, this vulnerability presents minimal real-world risk when analyzed holistically. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with administrative or high-privilege access could potentially manipulate validation framework logic through carefully crafted requests combined with user interaction to bypass integrity checks and modify specific data fields or integrity constraints within the PrestaShop application. However, the requirement for high privileges, elevated attack complexity, and user interaction makes this a low-probability attack scenario in practice, likely exploitable only in insider threat scenarios or compromised administrative accounts rather than external attacks. |
| Remediation | Upgrade PrestaShop to version 8.2.5 or later for the 8.x branch, or to version 9.1.0 or later for the 9.x branch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
During next maintenance window: Apply vendor patches when convenient. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today