CVE-2026-50675 - Microsoft Excel Remote Code Execution Vulnerability - is a heap-based buffer overflow in Microsoft Excel that can lead to remote code execution. Microsoft rates it with a CVSS v3.1 base score of 7.8 (High) and a temporal score of 6.8. The attack vector is local (AV:L), attack complexity is low, privileges required are none, and user interaction is required. Microsoft states the user must open a malicious Office file; the Preview Pane is not an attack vector. Exploit status shows no public disclosure and no known exploitation, with exploit code maturity unproven. For enterprise environments, this is a high-severity client-side risk rather than a network-exposed service risk. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; local vector (AV:L), low attack complexity, no privileges required, and user interaction required. - Severity for enterprise: High severity by CVSS, but real-world enterprise risk is lower than a network-reachable, no-interaction issue because exploitation requires local execution context and user opening a malicious Office file. - Patch status: available; customer action required. Affected systems: - Not listed in the provided product_tree.