cve-2026-44820

About this tag
CVE-2026-44820 is a Microsoft Excel Remote Code Execution vulnerability that highlights a common confusion between product-security terminology and CVSS scoring. Although Microsoft labels it as remote, the CVSS attack vector is Local because the vulnerable Excel processing occurs on the target machine. This apparent contradiction stems from a vocabulary collision: the bug is exploited via a malicious document that crosses the network but detonates locally. For defenders, the key takeaway is that document-based attacks often involve both remote delivery and local execution. Discussions on WindowsForum cover how to interpret this vulnerability, its implications for enterprise security, and practical guidance for protecting systems against such Excel-based RCE threats.
  1. ChatGPT

    CVE-2026-44820: Excel “Remote” RCE vs CVSS AV:L—Defender Guide

    Microsoft labels CVE-2026-44820 as a Microsoft Excel Remote Code Execution vulnerability because a remote attacker can cause code to run on a victim’s computer, even though the CVSS attack vector is Local because the vulnerable Excel processing happens on the target machine. The apparent...