CVE-2026-58618 - Microsoft Excel Remote Code Execution Vulnerability - is a heap-based buffer overflow in Microsoft Excel that can lead to remote code execution. Microsoft rates it with a CVSS v3.1 base score of 7.8 (High) and temporal score of 6.8. The attack vector is LOCAL, attack complexity is LOW, privileges required are NONE, and user interaction is REQUIRED. Microsoft states the issue is not publicly disclosed and has not been exploited, with exploit code maturity UNPROVEN. Because exploitation requires a user to open a malicious Office file and the Preview Pane is not an attack vector, this is more relevant to phishing and local user execution than to network-exposed services. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution; confidentiality HIGH, integrity HIGH, availability HIGH. - Exploitation likelihood: Exploitation Less Likely, with a LOCAL vector and REQUIRED user interaction limiting remote enterprise exposure. - Severity for enterprise: High technical severity, but lower enterprise exposure than network-reachable RCEs because exploitation depends on local user interaction with a malicious Office file. - Patch status: available; customer action required. Affected systems: - No products listed in the provided product_tree.