CVE-2026-55032 is a Microsoft Word use-after-free vulnerability that can lead to remote code execution. Microsoft rates it as CVSS v3.1 base 7.8 (High) and temporal 6.8; the vector is LOCAL, low attack complexity, no privileges required, and user interaction is required. Microsoft states there are no reports of public disclosure or exploitation, exploit code maturity is unproven, and customer action is required. Because exploitation requires a user to open a malicious Office file, this is phishing-related and primarily relevant to enterprise endpoints running Word rather than network-exposed services. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; the attack vector is LOCAL and user interaction is REQUIRED, so it is not a network-exposed, no-interaction issue. - Severity for enterprise: High severity on affected user workstations due to code execution potential, but lower enterprise exposure than network-reachable vulnerabilities because exploitation depends on local execution and user opening a malicious Office file. - Patch status: available Affected systems: - Microsoft Word