CVE-2026-9673
ADVISORY - githubSummary
Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications.
EPSS Score: 0.00166 (0.062)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Neutralization of Formula Elements in a CSV File
ADVISORY - github
Improper Neutralization of Formula Elements in a CSV File
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in