cve-2026-45461

CVE-2026-45461 is a Critical Microsoft Office remote code execution vulnerability disclosed on June 9, 2026. Although its CVSS vector lists the attack vector as local (AV:L), Microsoft classifies it as an RCE because exploitation typically involves code running on the victim's machine via hostile files, previews, or local parsing paths. This distinction reflects a difference between Microsoft's impact categorization and CVSS technical attack vector definitions. For administrators, the vulnerability represents a remote-style risk even though the network is not the direct attack surface. Discussions on WindowsForum cover the practical implications for defending Office environments against such threats.