VYPR
Moderate severityNVD Advisory· Published Feb 6, 2026· Updated Feb 9, 2026

PrestaShop has a time based enumeration in FO login form

CVE-2026-25597

Description

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. This vulnerability is fixed in 8.2.4 and 9.0.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
prestashop/prestashopPackagist
>= 9.0.0-alpha.1, < 9.0.39.0.3
prestashop/prestashopPackagist
< 8.2.48.2.4

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.