CVE-2026-55120 - Microsoft PowerPoint Remote Code Execution Vulnerability - is a heap-based buffer overflow in Microsoft PowerPoint that can lead to remote code execution. The CVSS v3.1 base score is 7.8 (High) with a temporal score of 6.8; the vector is LOCAL, LOW attack complexity, no privileges required, and user interaction is required. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity UNPROVEN. Because this is a local attack vector and requires the user to open a malicious Office file, the enterprise risk is lower than a network-reachable, no-interaction RCE, but it remains relevant for environments where users process untrusted PowerPoint files. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; local vector (AV:L), LOW attack complexity, NO privileges required, and user interaction required. - Severity for enterprise: High severity per CVSS, but risk is moderated by the LOCAL vector and required user interaction; phishing-style delivery via a malicious Office file is relevant. - Patch status: available; customer action required. Affected systems: - Not listed in the provided product_tree.