CVE-2026-50665 is a Microsoft Office information disclosure vulnerability caused by an out-of-bounds read. Microsoft rates it as High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The attack vector is LOCAL, privileges required are NONE, user interaction is REQUIRED, and the impact is disclosure of small portions of heap memory; the CVSS confidentiality, integrity, and availability impacts are all HIGH. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity UNPROVEN. The issue is phishing-related because an attacker must send a malicious Office file and convince a user to open it. For enterprise environments, the local vector and required user action reduce exposure compared with network-reachable, no-interaction issues, but it still merits attention where users routinely open external Office documents. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Information Disclosure; CVSS impacts are Confidentiality High, Integrity High, Availability High. - Exploitation likelihood: Microsoft indicates Exploitation Less Likely; the vector is LOCAL with LOW attack complexity and user interaction required. - Severity for enterprise: High technical severity, but real-world enterprise risk is lower than network-exposed vulnerabilities because exploitation requires local execution conditions and a user to open a malicious Office file. - Patch status: available; customer action required. Affected systems: - No products listed in the source data.