CVE-2026-55131 - Microsoft Excel Remote Code Execution Vulnerability - is a heap-based buffer overflow affecting Microsoft Excel and can lead to remote code execution. Microsoft rates it CVSS v3.1 base 7.8 (High) with a temporal score of 6.8; the vector is local access, low attack complexity, no privileges required, and user interaction is required. Microsoft states it is not publicly disclosed, not exploited, and exploit code maturity is unproven. Because the attack is local and requires a user to open a malicious Office file, enterprise risk is lower than network-exploitable remote service issues, but it remains relevant for phishing-based delivery against Excel users. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Less Likely; the vector is LOCAL with user interaction required, and Microsoft does not report active exploitation. - Severity for enterprise: High severity by CVSS, but real-world risk is reduced compared with network-based attacks because exploitation requires local execution and user interaction; phishing-style delivery is relevant because a user must open a malicious Office file. - Patch status: available Affected systems: - No products listed in the source data.