cve-2026-45456

CVE-2026-45456 is a security vulnerability in Microsoft Outlook and Word that Microsoft rates as remote code execution, even though the CVSS attack vector is Local. This means the attacker can be remote, but exploitation occurs through content processed on the victim's machine, such as Outlook using Word rendering. It is not a network-listening service bug, but it can be triggered by hostile content arriving from afar. For Windows administrators, this distinction is important: the vulnerability remains operationally serious and requires patching, even though the scoring system classifies the attack vector as local. Discussions on WindowsForum cover the technical details, CVSS scoring nuances, and mitigation strategies for this CVE.