PatchSiren cyber security CVE debrief
CVE-2026-5242 MIA Technology Inc. CVE debrief
CVE-2026-5242 is a high-severity vulnerability in MIA Technology Inc. Pizzy Library, allowing code injection via improper neutralization of formula elements in a CSV file. The vulnerability has a CVSS score of 8.8 and affects Pizzy Library versions from 1.0.0.26250 to before 1.3.9.26250.
- Vendor
- MIA Technology Inc.
- Product
- Pizzy Library
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of MIA Technology Inc. Pizzy Library, especially those using versions from 1.0.0.26250 to before 1.3.9.26250, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by improper neutralization of formula elements in a CSV file, which allows for code injection. This issue has been assigned a CVSS score of 8.8, indicating a high severity.
Defensive priority
High
Recommended defensive actions
- Update Pizzy Library to version 1.3.9.26250 or later.
- Review and validate CSV files before processing them.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4].
Official resources
-
CVE-2026-5242 CVE record
CVE.org
-
CVE-2026-5242 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-5242 was published on 2026-06-15T14:16:37.697Z and has not been modified since then.