CVE-2026-12862
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file.
Risk Assessment
The risk is that malicious formulas can be used to take control of the user's system, potentially leading to data loss or security breaches.
Recommendation
It is recommended to validate and sanitize user data before passing it to Excel exports to prevent formula injection.
Original NVD description (English source)
Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file.

