cve 2026 45475

CVE-2026-45475 is a Microsoft Office Remote Code Execution vulnerability that has generated discussion on WindowsForum.com due to an apparent contradiction in its CVSS scoring. The vulnerability is labeled as remote code execution because the attacker can be remote from the victim, yet the CVSS attack vector is Local because the vulnerable code executes on the victim's machine when Office processes local content. This discrepancy arises from different security taxonomies: Microsoft describes the impact and attacker posture, while CVSS describes the technical exploitation path. For administrators, this distinction is important because CVE-2026-45475 is not an Internet-facing service bug but remains a serious document-handling risk that requires attention.