CVE-2026-55127 is a Microsoft Word heap-based buffer overflow that can lead to remote code execution. Microsoft rates it with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The vector is local access with low attack complexity, no privileges required, and user interaction required; the exploit requires a user to open a malicious Office file, and the Preview Pane is also listed as an attack vector. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity unproven. Because this is a local/user-interaction-driven Word issue rather than a network-exposed service flaw, enterprise risk is lower than for unauthenticated remote attacks, but it remains relevant for phishing-delivered Office documents. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Remote Code Execution; confidentiality, integrity, and availability impacts are all HIGH - Exploitation likelihood: Exploitation Less Likely; vector context is LOCAL with LOW attack complexity and USER INTERACTION required - Severity for enterprise: High severity by CVSS, but enterprise risk is moderated by the local vector and required user interaction; phishing-delivered malicious Office files are the primary concern - Patch status: available; customer action required Affected systems: - No products listed in the source data