CVE-2026-50314 - Microsoft Office Remote Code Execution Vulnerability is a use-after-free flaw in Microsoft Office that can lead to remote code execution. Microsoft rates it CVSS v3.1 base 7.8 and temporal 6.8, with AV:L, AC:L, PR:N, UI:R, S:U, and high confidentiality, integrity, and availability impact. Although the title says remote code execution, the CVSS vector is local and user interaction is required; Microsoft states an attacker must send a malicious Office file and convince the user to open it, and the Preview Pane is also an attack vector. There are no public disclosures, no known exploitation, and exploit code maturity is UNPROVEN. This is an enterprise risk mainly for systems where users may open untrusted Office files, rather than for network-exposed services. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; the vector is LOCAL with LOW attack complexity and USER INTERACTION REQUIRED, so it is not a network-no-interaction exposure. - Severity for enterprise: High technical severity, but lower enterprise exposure than network-reachable vulnerabilities because exploitation requires a user to open a malicious Office file or use the Preview Pane. - Patch status: available; customer action required. Affected systems: - No products listed in the source data.