CVE-2026-47642 is a Microsoft Excel use-after-free vulnerability that can lead to remote code execution. Microsoft rates it at CVSS v3.1 base 7.8 (High) with a temporal score of 6.8. The attack vector is local, attack complexity is low, privileges required are none, and user interaction is required, so exploitation depends on a user opening a malicious Office file. Microsoft lists exploitation as not observed and public disclosure as no; exploit code maturity is unproven. For enterprise risk, this is serious but less exposed than network-reachable, no-interaction vulnerabilities because the attack is local and requires user action. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; local vector with REQUIRED user interaction reduces exposure compared with network-based attacks. - Severity for enterprise: High severity, but enterprise risk is moderated by the local attack vector and required user interaction; phishing-style delivery via malicious Office files is relevant. - Patch status: available Affected systems: - No products listed in source data