The CVE is for the vulnerability enabling Inscriptions to bypass node policy (regardless of what it's set to).

There should be no reason to be angry. It's just the normal procedure for security issues