CVE-2026-55031 - Microsoft Excel Remote Code Execution Vulnerability is an out-of-bounds read issue in Microsoft Excel that can lead to remote code execution. Microsoft rates it with a CVSS v3.1 base score of 7.8 and a temporal score of 6.8. The attack vector is local (AV:L), attack complexity is low, privileges required are none, and user interaction is required. Microsoft reports no public disclosure and no known exploitation; exploit code maturity is unproven. This is a phishing-related threat because exploitation requires a victim to open a malicious Office file. Enterprise risk is elevated for users who process untrusted Excel files, but it is not a network-only, no-interaction vulnerability. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; the vector is LOCAL with LOW attack complexity, NO privileges required, and USER INTERACTION REQUIRED. - Severity for enterprise: High severity by CVSS, but real-world risk is reduced compared with network-exposed, no-interaction issues because exploitation requires a local user to open a malicious file. - Patch status: available; customer action required. Affected systems: - No products listed in the provided product tree.