CVE-2026-55055 - Microsoft Word Remote Code Execution Vulnerability - is a stack-based buffer overflow in Microsoft Word that can lead to remote code execution. Microsoft rates it with a CVSS v3.1 base score of 7.8 and a temporal score of 6.8; the vector is local attack (AV:L), low complexity, no privileges required, user interaction required, and high impacts to confidentiality, integrity, and availability. Microsoft states it is not publicly disclosed, not exploited, and exploit code maturity is unproven. The title refers to remote code execution, but the FAQ states the attack is carried out locally and requires a user to open a malicious Office file, so enterprise risk is driven by phishing or document-delivery scenarios rather than network exposure. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution; CIA impacts are HIGH / HIGH / HIGH. - Exploitation likelihood: Exploitation Less Likely, with a LOCAL vector, LOW attack complexity, NO privileges required, and USER INTERACTION required. - Severity for enterprise: High severity by CVSS, but real-world enterprise exposure is lower than network-reachable RCE issues because exploitation requires local execution conditions and a user to open a malicious Office file. - Patch status: available; customer action required. Affected systems: - No products listed in the source data.