CVE-2026-9673

ADVISORY - github

Summary

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications.

EPSS Score: 0.00166 (0.062)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Neutralization of Formula Elements in a CSV File

ADVISORY - github

Improper Neutralization of Formula Elements in a CSV File


NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-9673
EXPLOITABILITY SCORE

2.5

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.5medium

GitHub

CREATED

UPDATED

EXPLOITABILITY SCORE

2.5

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.5medium