CVE-2026-55133 is a Microsoft OneNote remote code execution vulnerability whose CVSS Attack Vector is Local, a combination that sounds contradictory but describes two different parts of the attack. “Remote code execution” identifies the attacker’s relationship to the victim, while
Microsoft published CVE-2026-55133 through the Microsoft Security Response Center on July 14, 2026. In its advisory, Microsoft explains that the attacker can be remote even though exploitation must ultimately occur through code or content handled on the victim’s local machine.
This is the familiar malicious-document model rather than a network-service exploit. An attacker may send, host, or otherwise deliver a crafted OneNote file from somewhere else, but the vulnerability is reached only when that content is opened or processed on the target device.
The phrase remote code execution, or RCE, is widely interpreted as meaning that an attacker can transmit a packet directly to a listening service and immediately execute code. That is one form of RCE, but it is not the only form covered by Microsoft’s vulnerability titles.
In this context, “remote” means that the attacker does not need to be physically present at the affected computer. The attacker can prepare the malicious content elsewhere and deliver it through email, a messaging platform, cloud storage, a download page, or another distribution channel.
The “code execution” portion describes the potential result. Successful exploitation could cause attacker-controlled code to run in the security context of the user or process that opened the content. Microsoft also notes that vulnerabilities of this kind may be described more precisely as arbitrary code execution, or ACE.
That title therefore answers the impact question: can an off-device attacker ultimately cause code of their choosing to execute on the target? The CVSS Attack Vector answers a narrower technical question: what interface or execution context must be used to reach the vulnerable component?
Those answers can be “remote attacker” and “local attack vector” at the same time.
Why OneNote Receives an
The Forum of Incident Response and Security Teams, which maintains CVSS, defines the Attack Vector metric around the path used to exploit the vulnerable component.
That distinction is particularly important for Microsoft Office vulnerabilities. A OneNote file may arrive over the internet, but downloading the file is not necessarily the exploitation event. The vulnerable OneNote code runs locally when the application opens, parses, renders, or otherwise processes the crafted content.
FIRST’s CVSS guidance explicitly separates file delivery from vulnerability exploitation. A document-parsing flaw is normally considered local regardless of whether the malicious document arrived through a website, email, network share, cloud-sync service, or USB drive.
In simplified form, the likely attack chain looks like this:
A Network rating would normally require the vulnerable OneNote component to be directly reachable across a network. An attacker would need to interact with that component through a network-bound interface rather than arrange for a local application to process a file.
For example, a hypothetical service that listened on a TCP port and could be compromised merely by receiving a crafted request would fit
CVE-2026-55133 does not receive that classification simply because its payload might be emailed or downloaded. The internet is the delivery mechanism, while OneNote’s local processing is the exploitation mechanism.
This also explains why administrators should not read
The Privileges Required and User Interaction metrics provide additional context for those distinctions. Attack Vector alone does not say whether the attacker needs a local account, whether the victim must click something, or which security context would execute the resulting code. Each field describes a separate property of the exploit.
However, delivery controls are not a substitute for installing Microsoft’s security update. Files can arrive through encrypted archives, personal cloud accounts, collaboration tools, removable media, or previously trusted locations. A document may also remain dormant in a mailbox or shared folder until long after it was first received.
Administrators should identify supported Microsoft 365 Apps and Office installations covered by Microsoft’s July 14, 2026 security release, then verify that the applicable Office servicing updates have completed. Click-to-Run deployments can be checked through Microsoft 365 Apps update management, while MSI-based Office installations may require the corresponding standalone security package and deployment validation.
Security teams should also remember that OneNote notebooks and related content can travel through more channels than conventional email attachments. OneDrive, SharePoint, Microsoft Teams, browser downloads, synchronization folders, and third-party messaging services can all place files on an endpoint for local processing.
Where immediate patching is delayed, existing controls should be reviewed for untrusted OneNote content and unexpected child processes launched from Office applications. Blocking unknown executables, applying Microsoft Defender Attack Surface Reduction rules where compatible, and limiting content from untrusted sources can reduce exposure, but Microsoft’s fixed build remains the durable remediation.
The shortest interpretation is that the attacker may be remote, but the vulnerable parsing or execution step is local. The malicious content can cross the internet, yet exploitation does not occur until OneNote handles that content on the target machine.
For patch prioritization,
AV:L describes where OneNote processes the malicious input and triggers the flaw.Microsoft published CVE-2026-55133 through the Microsoft Security Response Center on July 14, 2026. In its advisory, Microsoft explains that the attacker can be remote even though exploitation must ultimately occur through code or content handled on the victim’s local machine.
This is the familiar malicious-document model rather than a network-service exploit. An attacker may send, host, or otherwise deliver a crafted OneNote file from somewhere else, but the vulnerability is reached only when that content is opened or processed on the target device.
Remote Code Execution Is an Impact, Not a Network Route
The phrase remote code execution, or RCE, is widely interpreted as meaning that an attacker can transmit a packet directly to a listening service and immediately execute code. That is one form of RCE, but it is not the only form covered by Microsoft’s vulnerability titles.In this context, “remote” means that the attacker does not need to be physically present at the affected computer. The attacker can prepare the malicious content elsewhere and deliver it through email, a messaging platform, cloud storage, a download page, or another distribution channel.
The “code execution” portion describes the potential result. Successful exploitation could cause attacker-controlled code to run in the security context of the user or process that opened the content. Microsoft also notes that vulnerabilities of this kind may be described more precisely as arbitrary code execution, or ACE.
That title therefore answers the impact question: can an off-device attacker ultimately cause code of their choosing to execute on the target? The CVSS Attack Vector answers a narrower technical question: what interface or execution context must be used to reach the vulnerable component?
Those answers can be “remote attacker” and “local attack vector” at the same time.
Why OneNote Receives an AV:L Rating
The Forum of Incident Response and Security Teams, which maintains CVSS, defines the Attack Vector metric around the path used to exploit the vulnerable component. AV:N, or Network, is appropriate when the affected component is reachable through a network protocol and exploitation occurs through that network-facing interface.AV:L, or Local, applies when the vulnerable component is not directly exploited through the network stack. It covers attacks that depend on local read, write, or execution capabilities, including cases in which another person is persuaded to open a malicious document.That distinction is particularly important for Microsoft Office vulnerabilities. A OneNote file may arrive over the internet, but downloading the file is not necessarily the exploitation event. The vulnerable OneNote code runs locally when the application opens, parses, renders, or otherwise processes the crafted content.
FIRST’s CVSS guidance explicitly separates file delivery from vulnerability exploitation. A document-parsing flaw is normally considered local regardless of whether the malicious document arrived through a website, email, network share, cloud-sync service, or USB drive.
In simplified form, the likely attack chain looks like this:
- An attacker constructs content intended to trigger CVE-2026-55133.
- The content is delivered or made available to the intended victim.
- The victim or another local process causes OneNote to handle it.
- The vulnerable code path executes on the target machine.
- Successful exploitation results in attacker-controlled code running locally.
AV:N Would Describe a Different OneNote Flaw
A Network rating would normally require the vulnerable OneNote component to be directly reachable across a network. An attacker would need to interact with that component through a network-bound interface rather than arrange for a local application to process a file.For example, a hypothetical service that listened on a TCP port and could be compromised merely by receiving a crafted request would fit
AV:N. The victim would not need to download and open a document because the network request itself would reach the vulnerable code.CVE-2026-55133 does not receive that classification simply because its payload might be emailed or downloaded. The internet is the delivery mechanism, while OneNote’s local processing is the exploitation mechanism.
This also explains why administrators should not read
AV:L as “an attacker must already have an account on the computer.” CVSS Local can cover several situations, including an attacker with local access, an attacker operating through an existing session, or a remote attacker who relies on another user to perform the action that reaches the vulnerable component.The Privileges Required and User Interaction metrics provide additional context for those distinctions. Attack Vector alone does not say whether the attacker needs a local account, whether the victim must click something, or which security context would execute the resulting code. Each field describes a separate property of the exploit.
The Local Label Does Not Make the Risk Local
For defenders, the practical concern is that a remotely delivered file can still create a local compromise. Email gateways, Microsoft Defender for Office 365, web filtering, application control, endpoint detection, and user-awareness controls may all influence whether malicious OneNote content reaches and executes on a workstation.However, delivery controls are not a substitute for installing Microsoft’s security update. Files can arrive through encrypted archives, personal cloud accounts, collaboration tools, removable media, or previously trusted locations. A document may also remain dormant in a mailbox or shared folder until long after it was first received.
Administrators should identify supported Microsoft 365 Apps and Office installations covered by Microsoft’s July 14, 2026 security release, then verify that the applicable Office servicing updates have completed. Click-to-Run deployments can be checked through Microsoft 365 Apps update management, while MSI-based Office installations may require the corresponding standalone security package and deployment validation.
Security teams should also remember that OneNote notebooks and related content can travel through more channels than conventional email attachments. OneDrive, SharePoint, Microsoft Teams, browser downloads, synchronization folders, and third-party messaging services can all place files on an endpoint for local processing.
Where immediate patching is delayed, existing controls should be reviewed for untrusted OneNote content and unexpected child processes launched from Office applications. Blocking unknown executables, applying Microsoft Defender Attack Surface Reduction rules where compatible, and limiting content from untrusted sources can reduce exposure, but Microsoft’s fixed build remains the durable remediation.
Two Correct Labels Describe One Attack Chain
There is no scoring error inherent in CVE-2026-55133 being titled a remote code execution vulnerability while carryingAV:L. Microsoft is describing the potential outcome and the attacker’s off-device position; CVSS is describing the technical route into the vulnerable OneNote component.The shortest interpretation is that the attacker may be remote, but the vulnerable parsing or execution step is local. The malicious content can cross the internet, yet exploitation does not occur until OneNote handles that content on the target machine.
For patch prioritization,
AV:L should therefore not be mistaken for physical-access-only or low-risk. The meaningful operational question is whether untrusted OneNote content can reach users and be processed before Microsoft’s July 14, 2026 update is installed across every affected Office deployment.References
- Primary source: MSRC
Published: 2026-07-14T07:00:00-07:00
Security Update Guide - Microsoft Security Response Center
msrc.microsoft.com
- Official source: download.microsoft.com