CVE-2026-55127 – Microsoft Word Remote Code Execution Vulnerability

CVSS 7.8 IMPORTANT Critical or Zero Day – Immediate Deployment

“A document that appears harmless can become the launch point for a serious security breach.”

A heap-based buffer overflow vulnerability in Microsoft Word allows an unauthorized attacker to execute code locally. Although classified as a local attack, exploitation requires an attacker to deliver a specially crafted Word document and convince a user to open it. Microsoft also confirms that the Preview Pane is an attack vector, allowing malicious content to be processed during normal document handling. Successful exploitation enables arbitrary code execution in the context of the affected user.

CVSS Score: 7.8

SEVERITY: Critical

THREAT:
This vulnerability allows arbitrary code execution through a malicious Microsoft Word document. A successful attack could enable malware installation, unauthorized access to sensitive information, modification of files, or additional malicious activity using the privileges of the compromised user.

EXPLOITS:
At the time of publication, the vulnerability has not been publicly disclosed and Microsoft has not detected active exploitation. Microsoft assesses exploitation as less likely. The CVSS v3.1 temporal metrics list exploit code maturity as Unproven, and the available information does not confirm the existence of publicly available proof-of-concept exploit code.

TECHNICAL SUMMARY:
The vulnerability is caused by a heap-based buffer overflow (CWE-122) in Microsoft Word. A specially crafted Office document can trigger improper memory handling, resulting in arbitrary code execution. Microsoft confirms that the Preview Pane is an attack vector, meaning the vulnerability may be triggered while previewing a malicious document. Successful exploitation allows code to run with the permissions of the current user.

EXPLOITABILITY:
Affected products include Microsoft Word 2016, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office 365 for Mac, Microsoft Office LTSC for Mac 2021/2024, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server Subscription Edition. Exploitation requires an attacker to deliver a specially crafted Office file and convince a user to open it or trigger processing through the Preview Pane.

BUSINESS IMPACT:
This vulnerability can be exploited through phishing or other document-based attacks that target employees. Successful exploitation could provide attackers with an initial foothold, allowing malware deployment, unauthorized access to corporate information, and further compromise of enterprise systems.

WORKAROUND:
No mitigations or workarounds are available. Microsoft recommends installing all applicable security updates for affected Microsoft Word, Office, and SharePoint products.

URGENCY:
This vulnerability should be deployed urgently because it is rated Critical with a CVSS v3.1 Base Score of 7.8. Although user interaction is required, the Preview Pane is an attack vector, increasing the risk that malicious documents could trigger code execution during routine document handling.

Key Details

Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
CWE Classification
CWE-122
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.