Medium severity6.8NVD Advisory· Published May 28, 2026· Updated May 29, 2026
CVE-2026-9673
CVE-2026-9673
Description
Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5(expand)+ 1 more
- (no CPE)
- (no CPE)range: >=3.15.0 <5.5.11
- osv-coords3 versionspkg:apk/chainguard/opensearch-dashboards-3-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-reportingpkg:apk/wolfi/opensearch-dashboards-3-dashboards-reporting
< 3.7.0-r4+ 2 more
- (no CPE)range: < 3.7.0-r4
- (no CPE)range: < 3.7.0-r6
- (no CPE)range: < 3.7.0-r4
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.