You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cvss local vector
About this tag
The tag cvss local vector covers discussions about the CVSS attack vector component that indicates a vulnerability must be exploited locally. In WindowsForum threads, users analyze cases like CVE-2026-26107, where a Microsoft Excel RCE vulnerability is labeled "Remote" in the advisory but has a CVSS vector of AV:L (Local). The tag explains the distinction: the CVE title describes where an attacker can start (remote), while the CVSS local vector describes where the vulnerable code executes (locally in Excel). This helps defenders understand apparent mismatches in vulnerability reporting and correctly interpret CVSS scoring for local attack vectors in Microsoft products.
Microsoft’s advisory for CVE-2026-26107 is labeled a “Microsoft Excel Remote Code Execution Vulnerability,” yet the published CVSS vector for the same issue is CVSS:3.1/AV:L/... (Attack Vector: Local). That apparent mismatch—“Remote” in the advisory headline vs. AV:L (Local) in the CVSS...