🔐 CVE Alert

CVE-2026-14846

UNKNOWN 0.0

Incorrect neutralisation in the PrestaShop firmware

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
25th

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the information is exported using the ‘Get my data in CSV’ tool. Successful exploitation of this vulnerability could facilitate unauthorised access to the victim’s personal data.

CWE CWE-1236
Vendor prestashop
Product the firmware
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for prestashop the firmware

Be the first to know when new unknown vulnerabilities affecting prestashop the firmware are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

PrestaShop / The firmware
8.2.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗
incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-neutralisation-prestashop-firmware