CVE-2026-50301 is a Microsoft Office heap-based buffer overflow that can lead to remote code execution. Microsoft rates it High with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The attack vector is local (AV:L), privileges are not required, user interaction is required, and the impact is high for confidentiality, integrity, and availability. Microsoft states the issue is not publicly disclosed and not exploited, with exploit code maturity unproven. Enterprise risk is primarily for users who open malicious Office content, including Preview Pane exposure, rather than for directly internet-exposed services. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Remote Code Execution with HIGH confidentiality, HIGH integrity, and HIGH availability impacts - Exploitation likelihood: Exploitation Less Likely; vector is LOCAL, LOW attack complexity, NO privileges required, and user interaction is REQUIRED - Severity for enterprise: High severity from a CVSS perspective, but lower enterprise exposure than network-reachable issues because exploitation depends on local user interaction with a malicious Office file or Preview Pane - Patch status: available; customer action required Affected systems: - No products listed in the provided product_tree