PatchSiren cyber security CVE debrief
CVE-2026-55055 Microsoft CVE debrief
CVE-2026-55055 is a stack-based buffer overflow vulnerability in Microsoft Office Word. An unauthorized attacker could exploit this vulnerability to execute code locally. The CVE record was published on 2026-07-14T18:18:17.683Z and has not been modified since then. This vulnerability affects multiple versions of Microsoft Office, including Office 2016, 2019, 2021, 2024, and Microsoft 365 Apps. Users should apply patches or updates provided by Microsoft for the affected versions of Microsoft Office Word and Microsoft 365 Apps. The CVSS score is 7.8 with a severity of HIGH.
- Vendor
- Microsoft
- Product
- Microsoft 365 Apps for Enterprise
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-16
Who should care
Users of Microsoft Office Word, particularly those using versions 2016, 2019, 2021, and 2024, as well as Microsoft 365 Apps, should be aware of this vulnerability and apply patches or mitigations as available.
Technical summary
The vulnerability is a stack-based buffer overflow in Microsoft Office Word, which could allow an unauthorized attacker to execute code locally. The CVSS score is 7.8 with a severity of HIGH. The vulnerability affects multiple versions of Microsoft Office, including Office 2016, 2019, 2021, 2024, and Microsoft 365 Apps.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, especially in environments where Microsoft Office Word is widely used.
Recommended defensive actions
- Apply patches or updates provided by Microsoft for the affected versions of Microsoft Office Word and Microsoft 365 Apps.
- Implement compensating controls such as restricting access to sensitive areas of the network.
- Monitor for suspicious activity related to Microsoft Office Word.
- Conduct regular inventory checks to ensure all instances of Microsoft Office Word are patched or mitigated.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, its impact, and affected products. Microsoft has provided a vendor advisory and patch for this vulnerability.
Official resources
-
CVE-2026-55055 CVE record
CVE.org
-
CVE-2026-55055 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory, Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T18:18:17.683Z and has not been modified since then.