CVE-2026-55136 - Microsoft Excel Remote Code Execution Vulnerability - is an untrusted pointer dereference issue in Microsoft Excel that can lead to remote code execution. Microsoft rates it as CVSS v3.1 base 7.8 (High) with a temporal score of 6.8; the vector is LOCAL, LOW attack complexity, NO privileges required, and user interaction is REQUIRED. Microsoft states it has not been publicly disclosed or exploited, exploit code maturity is UNPROVEN, and exploitation is considered unlikely. The vulnerability requires a user to open a malicious Office file; the Preview Pane is not an attack vector. Enterprise risk is lower than network-exploitable RCE issues because the attack is local and depends on user interaction, but it can still be significant for systems where users open untrusted Office documents. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation Unlikely; LOCAL vector, LOW attack complexity, NO privileges required, and user interaction REQUIRED. - Severity for enterprise: High severity by CVSS, but lower real-world exposure than network-based RCE because exploitation requires local execution and a user opening a malicious Office file. - Patch status: available; customer action required. Affected systems: - Not listed in the provided product_tree data.