{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33674", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T16:34:59.930Z", "datePublished": "2026-03-26T21:42:33.590Z", "dateUpdated": "2026-03-30T11:44:22.497Z"}, "containers": {"cna": {"title": "PrestaShop: Improper Use of Validation Framework", "problemTypes": [{"descriptions": [{"cweId": "CWE-1173", "lang": "en", "description": "CWE-1173: Improper Use of Validation Framework", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v"}, {"name": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5"}, {"name": "https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"}], "affected": [{"vendor": "PrestaShop", "product": "PrestaShop", "versions": [{"version": "< 8.2.5", "status": "affected"}, {"version": ">= 9.0.0-alpha.1, < 9.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T21:42:33.590Z"}, "descriptions": [{"lang": "en", "value": "PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available."}], "source": {"advisory": "GHSA-283w-xf3q-788v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T11:44:11.753537Z", "id": "CVE-2026-33674", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T11:44:22.497Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33674", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T11:44:11.753537Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T11:44:18.576Z"}}], "cna": {"title": "PrestaShop: Improper Use of Validation Framework", "source": {"advisory": "GHSA-283w-xf3q-788v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "PrestaShop", "product": "PrestaShop", "versions": [{"status": "affected", "version": "< 8.2.5"}, {"status": "affected", "version": ">= 9.0.0-alpha.1, < 9.1.0"}]}], "references": [{"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v", "name": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5", "name": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0", "name": "https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1173", "description": "CWE-1173: Improper Use of Validation Framework"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T21:42:33.590Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33674", "state": "PUBLISHED", "dateUpdated": "2026-03-30T11:44:22.497Z", "dateReserved": "2026-03-23T16:34:59.930Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T21:42:33.590Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9FC2346-1455-48F7-ABA8-FBD5253C8ACC", "versionEndExcluding": "8.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", "matchCriteriaId": "765DE050-DDC6-4607-8126-B90DDE614019", "versionEndExcluding": "9.1.0", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 and 9.1.0 contain a fix. No known workarounds are available."}, {"lang": "es", "value": "PrestaShop es una aplicaci\u00f3n web de comercio electr\u00f3nico de c\u00f3digo abierto. Las versiones anteriores a la 8.2.5 y 9.1.0 utilizan incorrectamente el framework de validaci\u00f3n. Las versiones 8.2.5 y 9.1.0 contienen una correcci\u00f3n. No se conocen soluciones alternativas disponibles."}], "id": "CVE-2026-33674", "lastModified": "2026-04-01T13:33:58.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T22:16:30.717", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.5"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/9.1.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-283w-xf3q-788v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1173"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,8.2.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.0.0-alpha.1,9.1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "PrestaShop", "source": "cna", "vendor": "PrestaShop"}, "product": "prestashop", "vendor": "prestashop"}], "analysis": {"en": {"generated_at": "2026-04-02T04:15:16.454508+00:00", "value": {"mitigation_remediation": ["Apply the official security fixes by upgrading PrestaShop to version 8.2.5 or 9.1.0."], "summary": {"action": "Patch", "impact": "Potential Data Disclosure"}, "threat_synthesis": {"affected_systems": "All installations of PrestaShop certified as \"PrestaShop\" that are running any version preceding 8.2.5 or 9.1.0 are affected. This includes both community\u2011edited and commerce stores that rely on the default validation components shipped with those releases.", "description_and_impact": "PrestaShop applications running versions older than 8.2.5 and 9.1.0 improperly use the validation framework, allowing crafted input to bypass normal checks. The likely attack vector involves submitting malicious data via web forms or API calls; this could result in unintended data disclosure or injection. The vulnerability is classified as CWE\u20111173 \"Improper Validation of Data\".", "risk_and_exploitability": "The CVSS score of 2 indicates low severity, and the EPSS score is reported as below 1%, suggesting that exploitation over the internet is unlikely at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, reinforcing that no active exploits are known. Exploitation would require successful injection of malformed input that bypasses validation, but no public proof\u2011of\u2011concept or exploit has been disclosed."}}}}, "created": "2026-03-27T08:31:38.444330+00:00", "updated": "2026-04-02T07:56:11.349985+00:00", "vendors": ["prestashop", "prestashop$PRODUCT$prestashop"]}