CVE-2026-55045 is a Microsoft Office out-of-bounds read vulnerability that Microsoft classifies as a remote code execution issue. The CVSS v3.1 base score is 8.4 (High) with a temporal score of 7.3; the vector is LOCAL, with low attack complexity, no privileges required, no user interaction, and unchanged scope. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity marked UNPROVEN. Because the attack vector is local rather than network-based, enterprise risk is lower than for remotely reachable vulnerabilities, but Microsoft still says customer action is required. Highlights: - CVSS scores: Base 8.4 - Temporal 7.3 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; LOCAL vector, LOW attack complexity, NO privileges required, and NO user interaction. - Severity for enterprise: High severity by CVSS, but lower enterprise exposure than network-based RCE because exploitation is local-only. Microsoft also states the Preview Pane is an attack vector. - Patch status: available Affected systems: - No products listed in the source data