NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
The vulnerability allows attackers to bypass the Windows Mark-of-the-Web security boundary by using specially crafted RAR5 archives with Zone.Identifier stream entries to evade 7-Zip's guard mechanism.