Virtualbox
CVE-2026-21982
HIGH
Severity by source
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
AnalysisAI
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]
Technical ContextAI
Classified as CWE-284 (Improper Access Control). Affects Vm Virtualbox. Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidential
RemediationAI
Monitor vendor advisories for a patch.
More in Virtualbox
View allVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized creation, deletion or
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized ability to cause a ha
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized access to critical da
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Same weakness CWE-284 – Improper Access Control
View allShare
External POC / Exploit Code
Leaving vuln.today