CVE-2026-55049 – Microsoft Office Remote Code Execution Vulnerability

CVSS 7.8 IMPORTANT Critical or Zero Day – Immediate Deployment

“A single malicious Office document can turn a routine task into a full system compromise if security updates are missing.”

A heap-based buffer overflow vulnerability in Microsoft Office allows an unauthorized attacker to execute arbitrary code on a local system. Successful exploitation requires a user to open a specially crafted Office file. Although the vulnerability is classified as Remote Code Execution, Microsoft clarifies that the attack itself is carried out locally after user interaction. Microsoft has released an official fix for the affected Microsoft Office product.

CVSS Score: 7.8

SEVERITY: Critical

THREAT:
This vulnerability affects Microsoft Office by allowing arbitrary code execution through a specially crafted Office document. An attacker can distribute the malicious file through email, file-sharing services, or other delivery methods and persuade a user to open it. Once opened, the vulnerability can be triggered, allowing the attacker to execute code with the privileges of the current user.

EXPLOITS:
At the time of publication, the vulnerability has not been publicly disclosed and Microsoft has not detected active exploitation. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the provided information does not confirm the existence of publicly available proof-of-concept exploit code.

TECHNICAL SUMMARY:
The vulnerability is caused by a heap-based buffer overflow (CWE-122) in Microsoft Office. A specially crafted Office file can trigger memory corruption, allowing arbitrary code execution on the affected system. Microsoft notes that although the vulnerability is categorized as Remote Code Execution, the attack itself is executed locally after a user opens the malicious document. Successful exploitation can result in high impact to confidentiality, integrity, and availability.

EXPLOITABILITY:
The confirmed affected product is Microsoft Office 365 for Mac. Exploitation requires no attacker privileges but does require user interaction, specifically opening a specially crafted Office file. The attack has low complexity and is carried out locally after the malicious document is opened.

BUSINESS IMPACT:
Office applications remain one of the most common targets for phishing and document-based attacks. Successful exploitation could allow attackers to execute malicious code, steal sensitive information, deploy malware, or establish persistence on affected systems. Organizations using Microsoft Office on macOS should ensure updates are applied promptly to reduce the risk of compromise through malicious documents.

WORKAROUND:
No mitigations or workarounds are available. Microsoft recommends installing the official security update for the affected Microsoft Office product.

URGENCY:
This vulnerability should be deployed urgently because it is rated Critical and affects Microsoft Office, one of the most widely used productivity platforms. Although Microsoft has not observed active exploitation and user interaction is required, malicious Office documents remain a common attack vector. Prompt installation of the security update helps prevent successful compromise.

Key Details

Affected Product
Microsoft 365 Apps
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
CWE Classification
CWE-122
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.