CVE Catalog

CVE-2026-12862

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile — higher than 13% of all known CVEs

Summary

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file.

Risk Assessment

The risk is that malicious formulas can be used to take control of the user's system, potentially leading to data loss or security breaches.

Recommendation

It is recommended to validate and sanitize user data before passing it to Excel exports to prevent formula injection.

Original NVD description (English source)

Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS