CVE-2026-14846

Summary

In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the information is exported using the ‘Get my data in CSV’ tool. Successful exploitation of this vulnerability could facilitate unauthorised access to the victim’s personal data.

Affected Software

VendorProductVersion RangeStatus
PrestaShopThe firmware8.2.1affected

Weaknesses

  • CWE-1236: CWE-1236 Improper neutralization of formula elements in a CSV file

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References