CVE-2026-55022 – Microsoft Office Remote Code Execution Vulnerability

CVSS 7.8 IMPORTANT Critical or Zero Day – Immediate Deployment

“One malicious Office document can be enough to turn an everyday business task into a serious security incident.”

A type confusion vulnerability in Microsoft Office allows an unauthorized attacker to execute arbitrary code on a local system. Successful exploitation requires a user to open a specially crafted Office document, and Microsoft confirms that the Preview Pane is also an attack vector. Security updates have been released for affected Microsoft Office products across Windows and macOS.

CVSS Score: 7.8

SEVERITY: Critical

THREAT:
This vulnerability affects Microsoft Office by allowing arbitrary code execution through a specially crafted Office file. An attacker can distribute the malicious document through email, file-sharing services, or other delivery methods and convince a user to open or preview it. Because the Preview Pane is also an attack vector, users may be exposed while previewing malicious files. Successful exploitation allows the attacker to execute code with the privileges of the current user.

EXPLOITS:
At the time of publication, the vulnerability has not been publicly disclosed and Microsoft has not detected active exploitation. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the provided information does not confirm the existence of publicly available proof-of-concept exploit code.

TECHNICAL SUMMARY:
The vulnerability is caused by type confusion (CWE-843) within Microsoft Office. Improper handling of object types can lead to memory corruption when processing a specially crafted Office document. An attacker can exploit this flaw to execute arbitrary code on the target system. Although the CVE is classified as a Remote Code Execution vulnerability, Microsoft clarifies that the attack itself is executed locally after user interaction, such as opening or previewing a malicious Office file.

EXPLOITABILITY:
Affected products include Microsoft 365 Apps for Enterprise (32-bit and 64-bit), Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office 365 for Mac, Microsoft Office LTSC for Mac 2021, and Microsoft Office LTSC for Mac 2024. Exploitation requires no attacker privileges but does require user interaction, specifically opening or previewing a specially crafted Office document.

BUSINESS IMPACT:
Microsoft Office is one of the most widely used business applications and remains a common target for phishing and document-based attacks. Successful exploitation could allow attackers to install malware, steal sensitive information, deploy ransomware, or establish a foothold for lateral movement within the enterprise. Organizations that frequently exchange Office documents with external parties face increased exposure.

WORKAROUND:
No mitigations or workarounds are available. Microsoft recommends installing the appropriate security updates for all affected Office products.

URGENCY:
This vulnerability should be deployed urgently because it is rated Critical and affects one of the most commonly used productivity platforms in enterprise environments. While Microsoft has not observed active exploitation and user interaction is required, Office documents remain a primary delivery method for phishing and malware campaigns. Prompt deployment of security updates significantly reduces the risk of compromise.

Key Details

Affected Product
Microsoft 365 Apps
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
CWE Classification
CWE-843
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.