CVE-2026-55045 allows code execution through an out-of-bounds read in Microsoft Office, but its CVSS 3.1 vector classifies the attack path as local rather than network-based. The apparent contradiction comes from Microsoft’s use of remote code execution to describe the security impact, while...