CVE-2026-55134 - Microsoft Word Remote Code Execution Vulnerability - is a stack-based buffer overflow in Microsoft Word that can lead to remote code execution. The CVSS v3.1 base score is 7.8 (High) with a temporal score of 6.8; the vector is LOCAL, LOW attack complexity, NO privileges required, and user interaction is REQUIRED. Microsoft reports no public disclosure and no known exploitation, with exploit code maturity UNPROVEN and exploitation unlikely. The enterprise risk is lower than a network-exploitable RCE because exploitation requires local execution on the victim machine and a user to open a malicious Office file. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Unlikely; LOCAL attack vector with LOW complexity, NO privileges required, and UI:R means the user must open a malicious Office file. - Severity for enterprise: High CVSS severity, but real-world enterprise exposure is moderated by the local vector and required user interaction; this is more relevant for endpoints where Microsoft Word is used to open untrusted documents. - Patch status: available Affected systems: - No products listed