CVE-2026-55043 is a Microsoft PowerPoint remote code execution vulnerability described as a heap-based buffer overflow. Microsoft rates it CVSS v3.1 7.8 High with a temporal score of 6.8. The vector is local-only (AV:L), low attack complexity, no privileges required, and user interaction is required. The impact is high for confidentiality, integrity, and availability. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity unproven. The title says remote code execution, but Microsoft notes the attack is carried out locally and requires the victim to open a malicious Office file. This is relevant for enterprise environments where users handle untrusted documents, but it is not a network-reachable attack. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; local vector (AV:L), LOW attack complexity, NO privileges required, and UI:R means exploitation depends on local user interaction. - Severity for enterprise: High technical severity, but lower enterprise exposure than network-based RCE because exploitation is local and requires a user to open a malicious Office file. - Patch status: available Affected systems: - No products listed