CVE-2026-55044 is a Microsoft Excel remote code execution vulnerability described as an out-of-bounds read. Microsoft rates it High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The vector is local, requires no privileges but does require user interaction, and all confidentiality, integrity, and availability impacts are high. Microsoft says there is no public disclosure and no known exploitation, and exploit code maturity is unproven. The FAQ states the user must be convinced to open a malicious Office file, and the Preview Pane is not an attack vector. Because the attack is local and user-driven rather than network-exposed, enterprise risk is lower than for remotely reachable services, but it remains relevant for users who handle untrusted documents. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; vector is LOCAL, LOW attack complexity, NO privileges required, and user interaction is REQUIRED. - Severity for enterprise: High technical severity, but enterprise exposure is mainly through user-driven Office document handling rather than directly network-reachable services. - Patch status: available Affected systems: - No products listed in source data