{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33674", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T16:34:59.930Z", "datePublished": "2026-03-26T21:42:33.590Z", "dateUpdated": "2026-03-30T11:44:22.497Z"}, "containers": {"cna": {"title": "PrestaShop: Improper Use of Validation Framework", "problemTypes": [{"descriptions": [{"cweId": "CWE-1173", "lang": "en", "description": "CWE-1173: Improper Use of Validation Framework", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v"}, {"name": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5"}, {"name": "https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"}], "affected": [{"vendor": "PrestaShop", "product": "PrestaShop", "versions": [{"version": "< 8.2.5", "status": "affected"}, {"version": ">= 9.0.0-alpha.1, < 9.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T21:42:33.590Z"}, "descriptions": [{"lang": "en", "value": "PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available."}], "source": {"advisory": "GHSA-283w-xf3q-788v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T11:44:11.753537Z", "id": "CVE-2026-33674", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T11:44:22.497Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33674", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T11:44:11.753537Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T11:44:18.576Z"}}], "cna": {"title": "PrestaShop: Improper Use of Validation Framework", "source": {"advisory": "GHSA-283w-xf3q-788v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "PrestaShop", "product": "PrestaShop", "versions": [{"status": "affected", "version": "< 8.2.5"}, {"status": "affected", "version": ">= 9.0.0-alpha.1, < 9.1.0"}]}], "references": [{"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v", "name": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5", "name": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0", "name": "https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1173", "description": "CWE-1173: Improper Use of Validation Framework"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T21:42:33.590Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33674", "state": "PUBLISHED", "dateUpdated": "2026-03-30T11:44:22.497Z", "dateReserved": "2026-03-23T16:34:59.930Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T21:42:33.590Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9FC2346-1455-48F7-ABA8-FBD5253C8ACC", "versionEndExcluding": "8.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", "matchCriteriaId": "765DE050-DDC6-4607-8126-B90DDE614019", "versionEndExcluding": "9.1.0", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available."}, {"lang": "es", "value": "PrestaShop es una aplicaci\u00f3n web de comercio electr\u00f3nico de c\u00f3digo abierto. Las versiones anteriores a la 8.2.5 y 9.1.0 utilizan incorrectamente el framework de validaci\u00f3n. Las versiones 8.2.5 y 9.1.0 contienen una correcci\u00f3n. No se conocen soluciones alternativas disponibles."}], "id": "CVE-2026-33674", "lastModified": "2026-04-01T13:33:58.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T22:16:30.717", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1173"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,8.2.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.0.0-alpha.1,9.1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PrestaShop", "source": "cna", "vendor": "PrestaShop"}, "product": "prestashop", "vendor": "prestashop"}], "analysis": {"en": {"generated_at": "2026-03-26T23:22:11.316582+00:00", "value": {"mitigation_remediation": ["Determine the exact PrestaShop version in use", "If running a version older than 8.2.5 or 9.1.0, upgrade to a patched release (8.2.5 or later, 9.1.0 or later)", "Verify that the upgrade succeeded and all storefront pages function as expected"], "summary": {"action": "Apply Patch", "impact": "Limited validation flaw with low security impact"}, "threat_synthesis": {"affected_systems": "The affected product is PrestaShop, the open\u2011source e\u2011commerce platform. All releases prior to 8.2.5 in the 8.x series and prior to 9.1.0 in the 9.x series are vulnerable. The vendor has released 8.2.5 and 9.1.0 with the required fix, so any installation running an older version of either major release is potentially impacted.", "description_and_impact": "PrestaShop versions older than 8.2.5 and 9.1.0 contain a flaw in the way the validation framework is used. The improper handling of input could allow malicious data to bypass normal checks, potentially leading to data integrity problems or accidental exposure of information. The CVSS score of 2 indicates that the overall impact is considered low and no confirmed exploitation cases are reported.", "risk_and_exploitability": "With a CVSS score of 2 the risk is rated low. EPSS data is not available and the flaw is not listed in the CISA KEV catalog, suggesting that it is not a high\u2011visibility target. Based on the description, the likely attack vector is remote, involving specially crafted requests sent to the web application. No known workarounds exist, and exploiting the flaw would require input that can reach the validation stage of the processing pipeline."}}}}, "created": "2026-03-27T08:31:38.444330+00:00", "updated": "2026-03-27T09:23:04.562734+00:00", "vendors": ["prestashop", "prestashop$PRODUCT$prestashop"]}