CVE-2026-55947 - Microsoft Excel Remote Code Execution Vulnerability - is a heap-based buffer overflow in Microsoft Excel that can lead to remote code execution. Microsoft reports the attack vector as LOCAL, with LOW attack complexity, NO privileges required, and USER INTERACTION REQUIRED; the CVSS v3.1 base score is 7.8 (High) and the temporal score is 6.8. The issue is not publicly disclosed and is not reported as exploited, with exploit code maturity UNPROVEN. Because exploitation requires a user to open a malicious Office file, this is phishing-related, but the local vector means it is not a network-reachable service issue. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts - Exploitation likelihood: Exploitation Less Likely; the LOCAL vector and required user interaction reduce enterprise exposure compared with network-exploitable issues - Severity for enterprise: High severity in CVSS terms, but real-world enterprise risk is lower than network-based RCE because exploitation needs local user interaction and delivery of a malicious file - Patch status: available; customer action required Affected systems: - No products listed in the source data