CVE-2026-55949 is a Microsoft Excel remote code execution vulnerability caused by use of an uninitialized resource. Microsoft rates it as High severity with a CVSS v3.1 base score of 7.8 and temporal score of 6.8. The attack vector is local, privileges required are none, and user interaction is required; Microsoft says an attacker must send a malicious Office file and convince the user to open it. There is no public disclosure, no known exploitation, and exploit code maturity is unproven. Because exploitation requires local execution and user interaction rather than network access, enterprise risk is lower than for network-exposed, no-interaction issues, but it remains relevant for phishing-driven compromise of Excel users. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts - Exploitation likelihood: Exploitation Less Likely; the vector is LOCAL with LOW attack complexity, NO privileges required, and UI:R, so it is not a direct network-exposure issue - Severity for enterprise: High technical severity, but practical enterprise risk is moderated by the local-only vector and required user interaction; phishing delivery via malicious Office files is the primary concern - Patch status: available; customer action required Affected systems: - No products listed