CVE-2026-55033 is a Microsoft Word remote code execution vulnerability caused by an integer overflow or wraparound issue. Microsoft rates it CVSS v3.1 Base 7.8 and Temporal 6.8, with a local attack vector, low attack complexity, no privileges required, and user interaction required. The attack is not network-based; Microsoft says an attacker must send a malicious Office file and convince a user to open it, and the Preview Pane is also an attack vector. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity unproven. Enterprise risk is primarily to endpoints that open untrusted Office documents, rather than to network-exposed services. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; vector context is LOCAL, LOW attack complexity, NO privileges required, and UI required. - Severity for enterprise: High severity by CVSS, but lower enterprise exposure than network-reachable vulnerabilities because exploitation requires local execution context and user interaction through a malicious Office file or Preview Pane. - Patch status: available; customer action required. Affected systems: - No products listed in the provided product_tree.