CVE-2026-55130 is a Microsoft Word heap-based buffer overflow that can lead to remote code execution. Microsoft rates it CVSS 3.1 base 7.8 and temporal 6.8, with a LOCAL attack vector, LOW attack complexity, no privileges required, and user interaction required. The listed impact is high for confidentiality, integrity, and availability. Microsoft reports it is not publicly disclosed, not exploited, and exploit code maturity is UNPROVEN; exploitation is currently rated unlikely. Because it requires local execution and user interaction, it is more relevant to endpoint exposure than to network-facing service risk. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, HIGH integrity, and HIGH availability impacts. - Exploitation likelihood: Exploitation Unlikely; the vector is LOCAL with LOW attack complexity, NO privileges required, and USER INTERACTION REQUIRED. - Severity for enterprise: High technical severity, but lower enterprise exposure than network-reachable vulnerabilities because exploitation depends on local execution and user interaction. - Patch status: available; customer action required. Affected systems: - Microsoft Word