What is CVE-2026-9673?

CVE-2026-9673 is a medium-severity vulnerability in Json-2-csv, classified under Improper Neutralization of Formula Elements in a CSV File. CVSS score: 6.8/10. Published 2026-05-28.

How severe is CVE-2026-9673?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Json-2-csv

CVE-2026-9673

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are ope…

EPSS: 0.000 (10.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Affected products

N/a Json-2-csv — versions 3.15.0

Weakness classification (CWE)

CWE-1236 — Improper Neutralization of Formula Elements in a CSV File

References

report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io

Frequently asked questions

What is CVE-2026-9673?: CVE-2026-9673 is a medium-severity vulnerability in Json-2-csv, classified under Improper Neutralization of Formula Elements in a CSV File. CVSS score: 6.8/10. Published 2026-05-28.
How severe is CVE-2026-9673?: Medium severity. CVSS v3 base score is 6.8 out of 10.