CVE-2026-55141 is a Microsoft Excel stack-based buffer overflow that can lead to remote code execution in Excel. Microsoft rates it CVSS v3.1 base 7.8 and temporal 6.8, with a LOCAL attack vector, LOW attack complexity, no privileges required, and user interaction required. The issue is not publicly disclosed, has not been exploited, and exploit code maturity is UNPROVEN. The attack requires a user to open a malicious Office file, and Microsoft states the Preview Pane is not an attack vector. For enterprise environments, the local vector and required user interaction reduce exposure compared with network-reachable, no-interaction issues, but it remains a high-severity client-side code execution issue. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Exploit Code Maturity: UNPROVEN - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts - Exploitation likelihood: Exploitation Less Likely; vector context is LOCAL with LOW attack complexity, NO privileges required, and USER INTERACTION REQUIRED - Severity for enterprise: High severity, but lower enterprise exposure than network-based attacks because exploitation is local and requires a user to open a malicious Office file - Patch status: available; customer action required Affected systems: - No products listed in source data