CVE-2026-55048 is a Microsoft Excel remote code execution vulnerability caused by an integer overflow or wraparound issue. Microsoft rates it CVSS v3.1 7.8 (High) with a temporal score of 6.8. The attack vector is local (AV:L), attack complexity is low, no privileges are required, and user interaction is required. Microsoft states the attack is carried out locally and requires a malicious Office file to be opened; the Preview Pane is not an attack vector. Public disclosure and in-the-wild exploitation are both reported as No, and exploit code maturity is UNPROVEN. Enterprise risk is elevated for users who may open untrusted Office files, but it is lower than network-exploitable vulnerabilities because the attack is not remote and requires user interaction. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; local attack vector (AV:L), LOW attack complexity, NO privileges required, and user interaction required. - Severity for enterprise: High severity by CVSS, but real-world enterprise risk is moderated by the local-only vector and required user interaction. Phishing delivery via malicious Office files is relevant, while Preview Pane is not an attack vector. - Patch status: available; customer action required. Affected systems: - No affected products listed in the source data.