PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55055 Microsoft CVE debrief

CVE-2026-55055 is a stack-based buffer overflow vulnerability in Microsoft Office Word. An unauthorized attacker could exploit this vulnerability to execute code locally. The CVE record was published on 2026-07-14T18:18:17.683Z and has not been modified since then. This vulnerability affects multiple versions of Microsoft Office, including Office 2016, 2019, 2021, 2024, and Microsoft 365 Apps. Users should apply patches or updates provided by Microsoft for the affected versions of Microsoft Office Word and Microsoft 365 Apps. The CVSS score is 7.8 with a severity of HIGH.

Vendor
Microsoft
Product
Microsoft 365 Apps for Enterprise
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-14
Original CVE updated
2026-07-16
Advisory published
2026-07-14
Advisory updated
2026-07-16

Who should care

Users of Microsoft Office Word, particularly those using versions 2016, 2019, 2021, and 2024, as well as Microsoft 365 Apps, should be aware of this vulnerability and apply patches or mitigations as available.

Technical summary

The vulnerability is a stack-based buffer overflow in Microsoft Office Word, which could allow an unauthorized attacker to execute code locally. The CVSS score is 7.8 with a severity of HIGH. The vulnerability affects multiple versions of Microsoft Office, including Office 2016, 2019, 2021, 2024, and Microsoft 365 Apps.

Defensive priority

High priority should be given to patching or mitigating this vulnerability, especially in environments where Microsoft Office Word is widely used.

Recommended defensive actions

  • Apply patches or updates provided by Microsoft for the affected versions of Microsoft Office Word and Microsoft 365 Apps.
  • Implement compensating controls such as restricting access to sensitive areas of the network.
  • Monitor for suspicious activity related to Microsoft Office Word.
  • Conduct regular inventory checks to ensure all instances of Microsoft Office Word are patched or mitigated.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, its impact, and affected products. Microsoft has provided a vendor advisory and patch for this vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:17.683Z and has not been modified since then.