Npm · Json-2-Csv · CVE-2026-9673
**Name of the Vulnerable Software and Affected Versions**
json-2-csv versions 3.15.0 through 5.5.10
**Description**
CSV Injection occurs when the `preventCsvInjection` option is bypassed, allowing an attacker to inject formulas into CSV files. These formulas execute automatically when the files are opened in spreadsheet applications.
**Recommendations**
Update to version 5.5.11 or later.
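An added example, not part of the advisory or the json-2-csv project: a stand-alone Node.js audit that scans exported CSV text for cells beginning with a formula trigger character, as an output check that does not rely on `preventCsvInjection`. The trigger set follows OWASP's CSV injection guidance; the function names and the sample data are assumptions constructed for illustration.

```javascript
// Added example, not json-2-csv code: audit exported CSV for formula cells.
// Trigger characters follow OWASP's CSV injection guidance.
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);
const PLAIN_NUMBER = /^[+-]?\d+(\.\d+)?$/; // -12.50 is data, not a formula

// Minimal RFC 4180 parser: quoted fields, escaped quotes ("") and
// delimiters or newlines embedded inside quotes.
function parseCsv(text, delimiter = ',') {
  const rows = [];
  let row = [], cell = '', inQuotes = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (inQuotes) {
      if (ch === '"' && text[i + 1] === '"') { cell += '"'; i++; }
      else if (ch === '"') inQuotes = false;
      else cell += ch;
    } else if (ch === '"' && cell === '') {
      inQuotes = true;
    } else if (ch === delimiter) {
      row.push(cell); cell = '';
    } else if (ch === '\n' || (ch === '\r' && text[i + 1] === '\n')) {
      if (ch === '\r') i++;
      row.push(cell); rows.push(row); row = []; cell = '';
    } else {
      cell += ch;
    }
  }
  if (cell !== '' || row.length > 0) { row.push(cell); rows.push(row); }
  return rows;
}

// Flags a cell whose first raw character (catches tab/CR) or first
// non-whitespace character (a conservative choice) is a trigger.
function isFormulaCell(value) {
  if (value === '' || PLAIN_NUMBER.test(value)) return false;
  return FORMULA_TRIGGERS.has(value[0]) || FORMULA_TRIGGERS.has(value.trimStart()[0]);
}

// Returns { row, column, value } (1-based positions) for every flagged cell.
function findFormulaCells(csvText, delimiter = ',') {
  return parseCsv(csvText, delimiter).flatMap((cells, r) =>
    cells.map((value, c) => ({ row: r + 1, column: c + 1, value }))
      .filter((cell) => isFormulaCell(cell.value)));
}

// Constructed sample export, not output captured from json-2-csv.
const sampleCsv = 'name,balance,note\nalice,-12.50,"paid, thanks"\n' +
  'bob,40,"=1+1"\ncarol,7,@handle\n';
console.log(findFormulaCells(sampleCsv));
```

Flagged cells in an export produced with `preventCsvInjection` enabled are a reason to check the installed json-2-csv version against the fixed release.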