CVE-2026-26110 and CVE-2026-26113 are high-severity remote code execution vulnerabilities (CVSS 8.8) in Microsoft Office triggered via the Preview Pane with no file open or macro action required — previewing a malicious email attachment is sufficient for exploitation. Both are rooted in memory corruption (Type Confusion, Use-After-Free, Heap-Based Buffer Overflow) and were patched in the March 2026 Patch Tuesday cumulative updates. No confirmed active exploitation or CISA KEV listing has been reported as of data capture, but the zero-interaction exploitation vector makes patch deployment a high-priority action; organizations that cannot immediately patch should disable the Preview Pane in Outlook via Group Policy as an interim control.