CVE-2026-9673
ADVISORY - githubSummary
Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications.
EPSS Score: 0.00166 (0.062)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Neutralization of Formula Elements in a CSV File
ADVISORY - github
Improper Neutralization of Formula Elements in a CSV File
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-9673
EXPLOITABILITY SCORE
2.5
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.5mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-g27c-q7cp-mhx6
EXPLOITABILITY SCORE
2.5
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)