CVE-2026-55005 is a Microsoft Exchange Server remote code execution vulnerability described as a heap-based buffer overflow. It has a CVSS v3.1 base score of 8.8 and temporal score of 7.7, with a NETWORK attack vector, LOW attack complexity, LOW privileges required, and NONE user interaction. The impact is HIGH for confidentiality, integrity, and availability. Microsoft indicates no public disclosure and no known exploitation, with exploit code maturity UNPROVEN and exploitation less likely. Because this is a network-reachable RCE issue with low attacker requirements, it is a high-severity issue for enterprise Exchange deployments, especially where services are exposed to untrusted networks. Highlights: - CVSS scores: Base 8.8 - Temporal 7.7 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; network vector with LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High. The network-exposed, low-interaction RCE nature makes this significant for enterprise Exchange environments, even though no exploitation is reported. - Patch status: available Affected systems: - Not listed in source data