PT-2026-57668 · Prestashop · Tex Firmware

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-14846

CVSS v4.0

4.5

Medium

VectorAV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:H
In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the information is exported using the ‘Get my data in CSV’ tool. Successful exploitation of this vulnerability could facilitate unauthorised access to the victim’s personal data.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14846

Affected Products

Tex Firmware