Virtualbox
CVE-2026-21981
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:L).
AnalysisAI
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 4.6 MEDIUM]
Technical ContextAI
Classified as CWE-269 (Improper Privilege Management). Affects Vm Virtualbox. Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result
RemediationAI
Monitor vendor advisories for a patch.
More in Virtualbox
View allVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized creation, deletion or
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized ability to cause a ha
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized access to critical da
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today