CVE-2026-55017 is a Microsoft Office remote code execution vulnerability described as a heap-based buffer overflow. Microsoft’s data says the attack vector is local, privileges required are none, user interaction is required, and the CVSS v3.1 base score is 7.8 (High) with a temporal score of 6.8. The issue is not publicly disclosed or known to be exploited, and exploit code maturity is unproven. The practical enterprise risk is lower than a network-reachable, no-interaction issue because exploitation requires a user to open a malicious Office file on the local machine. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; local vector, LOW attack complexity, NONE privileges required, and REQUIRED user interaction reduce remote enterprise exposure. - Severity for enterprise: High severity by CVSS, but risk is moderated by the LOCAL attack vector and required user interaction; phishing-style delivery via a malicious Office file is supported by the FAQ. - Patch status: available; customer action required. Affected systems: - No products listed in the source data.