CVE-2026-55041 - Microsoft Excel Remote Code Execution Vulnerability - is a heap-based buffer overflow in Microsoft Excel that can lead to remote code execution. Microsoft rates it with a CVSS v3.1 base score of 7.8 (High) and a temporal score of 6.8; the vector is LOCAL, with LOW attack complexity, NO privileges required, and USER INTERACTION REQUIRED. Microsoft states public disclosure and active exploitation are not known, exploit code maturity is UNPROVEN, and customer action is required. Because the attack requires the victim to open a malicious Office file and is not a network-facing, no-interaction issue, enterprise risk is lower than for remotely reachable services, but it remains significant for environments where users routinely handle untrusted documents. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; the vector is LOCAL, with LOW attack complexity, NO privileges required, and USER INTERACTION REQUIRED. - Severity for enterprise: High CVSS severity, but lower real-world exposure than network-reachable vulnerabilities because exploitation depends on local execution and opening a malicious Office file. - Patch status: available; customer action required. Affected systems: - Microsoft Excel