CVE-2026-55024 is a Microsoft Excel remote code execution vulnerability caused by type confusion. Microsoft rates it with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The vector is local with low attack complexity, no privileges required, and required user interaction. The attack is not network-based; Microsoft says an attacker must send a malicious Office file and convince a user to open it, and the Preview Pane is not an attack vector. Public disclosure and active exploitation are not reported, and exploit code maturity is unproven. Because it requires local execution and user interaction, it is more relevant to phishing and malicious-document delivery than to direct network exposure, but it still represents a high-severity risk for enterprise endpoints running Excel. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; vector is LOCAL with LOW attack complexity, NO privileges required, and user interaction required. - Severity for enterprise: High severity, but lower risk to internet-facing services because the attack is local and requires the victim to open a malicious Office file. - Patch status: available; customer action required. Affected systems: - No products listed in the source data.