CVE-2026-55129 is a Microsoft Office heap-based buffer overflow that can lead to remote code execution. Microsoft rates it at CVSS v3.1 base 7.8 (High) with a temporal score of 6.8; the vector is local attack, low complexity, no privileges required, and user interaction required. The issue requires a malicious Office file to be opened, and Microsoft notes the Preview Pane is also an attack vector. Exploit status is not publicly disclosed and not known to be exploited, with exploit code maturity listed as unproven. For enterprise environments, the local vector and required user interaction make this less direct than network-reachable, no-interaction issues, but it remains a meaningful phishing-delivered code execution risk. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts - Exploitation likelihood: Exploitation Less Likely; vector is LOCAL, low complexity, no privileges required, and user interaction is required - Severity for enterprise: High severity due to code execution potential, but enterprise exposure is moderated by the local vector and required user action; phishing delivery via malicious Office files and Preview Pane use increase practical risk - Patch status: available; customer action required Affected systems: - No products listed in product_tree