CVE-2026-55053 is a Microsoft Excel heap-based buffer overflow that can lead to remote code execution. Microsoft rates it with a CVSS v3.1 base score of 7.8 (High) and temporal score of 6.8, using the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The attack is local rather than network-based, and user interaction is required: an attacker must send a malicious Office file and convince the user to open it. Microsoft says it has not been publicly disclosed or exploited, exploit code maturity is UNPROVEN, and customer action is required. Enterprise risk is elevated for environments where users routinely open untrusted Office documents, but this is less exposed than network-reachable, no-interaction vulnerabilities. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impact. - Exploitation likelihood: Exploitation Less Likely; the vector is LOCAL and requires user interaction, with low attack complexity and no privileges required. - Severity for enterprise: High severity by CVSS, but enterprise exposure is reduced compared with network-facing flaws because exploitation requires a local context and a user to open a malicious Office file. - Patch status: available Affected systems: - No affected products listed in the source data.