CVE-2026-9673_CVE-2026-9673

6.8 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P

Description

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications.

Basic Information

ID CVE-2026-9673

Source snyk

Published May 28, 2026 at 05:00

Affected Product

Vendor n/a

Product json-2-csv

Version 3.15.0

Affected Versions n/a json-2-csv 3.15.0

References

{
    "lastseen": "",
    "description": "Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications.",
    "published": "2026-05-28T05:00:02.387Z",
    "modified": "2026-05-28T05:00:02.387Z",
    "type": "cve",
    "title": "CVE-2026-9673",
    "source": "snyk",
    "references": "https://security.snyk.io/vuln/SNYK-JS-JSON2CSV-14221326\nhttps://github.com/mrodrig/json-2-csv/blob/main/src/json2csv.ts%23L410\nhttps://gist.github.com/whoamins/299745a2d36b482b44e9613b78e40613\nhttps://github.com/mrodrig/json-2-csv/commit/0fdd0bb6d0273178cd940afc323ccbce19688229",
    "id": "CVE-2026-9673",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "n/a json-2-csv 3.15.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "json-2-csv",
    "version": "3.15.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply