CVE-2026-55011 is a Microsoft Defender Remote Code Execution vulnerability caused by an integer underflow/wraparound issue. Microsoft rates it at CVSS v3.1 7.8 (High) with a temporal score of 6.8. The attack vector is local, attack complexity is low, privileges required are none, and user interaction is required. Impact is high across confidentiality, integrity, and availability. Microsoft states it is not publicly disclosed and not exploited, with exploit code maturity unproven. Because the attack is local and requires user interaction, enterprise risk is lower than for network-reachable, unauthenticated issues, but it remains relevant for endpoints where users can be induced to open crafted content. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Microsoft indicates Exploitation Less Likely; the vector is LOCAL with LOW attack complexity and USER INTERACTION REQUIRED. - Severity for enterprise: High severity by CVSS, but lower enterprise exposure than network-based RCE because it is local-only and requires user interaction. - Patch status: available Affected systems: - No products listed in product_tree.