CVE-2026-5242— Code Injection in Mia Technologies' Pizzy Library
Possible ATT&CK Techniques 2AI
T1189 · Drive-by Compromise T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MIA Technology Inc. | Pizzy Library | 1.0.0.26250< 1.3.9.26250 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-5242
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Code Injection in Mia Technologies' Pizzy Library
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1236
Source: NVD (National Vulnerability Database)
Vulnerability Title
MIA Technology Inc Pizzy Library 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MIA Technology Inc Pizzy Library是MIA Technology Inc公司的一个代码库。 MIA Technology Inc Pizzy Library 1.0.0.26250版本至1.3.9.26250之前版本存在输入验证错误漏洞,该漏洞源于CSV文件中公式元素中和不当,可能导致代码注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| MIA Technology Inc. | Pizzy Library | 1.0.0.26250 ~ 1.3.9.26250 | - |
II. Public POCs for CVE-2026-5242
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-5242
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-5242 (1)
- 🔗 T.C. Siber Güvenlik Başkanlığı - Güvenlik Bildirimleri Detaygovernment-resource
Same Patch Batch · MIA Technology Inc. · 2026-06-15 · 3 CVEs total
| CVE-2026-5233 | 7.1 HIGH | Missing Rate Limiting in Mia Technologies' Pizzy Library |
| CVE-2026-5230 | 7.1 HIGH | Improper Access Control in Mia Technologies' Pizzy Library |
IV. Related Vulnerabilities
Same vendor: MIA Technology Inc.
- CVE-2026-5233
Missing Rate Limiting in Mia Technologies' Pizzy Library - CVE-2026-5230
Improper Access Control in Mia Technologies' Pizzy Library - CVE-2024-3264
Broken or Risky Cryptographic Algorithm in Mia Technology's - CVE-2024-5862
User Enumeration in Mia Technology's Mia-Med Health Aplicati - CVE-2023-6519
Seeing admin password hash value in Mia Technology's Mia-Med
Same weakness: CWE-1236
- CVE-2026-47693
Poweradmin: CSV Injection in log export endpoints allows for - CVE-2025-52612
HCL iControl was affected by Export CSV - CSV Injection vuln - CVE-2026-10248
SourceCodester Pharmacy Sales and Inventory System Supplier - CVE-2026-9673
json-2-csv 安全漏洞 - CVE-2026-41073
RT: Spreadsheet downloads vulnerable to CSV/formula injectio
V. Comments for CVE-2026-5242
No comments yet