Virtualbox
CVE-2026-21984
HIGH
Severity by source
AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]
Technical ContextAI
Classified as CWE-284 (Improper Access Control). Affects Vm Virtualbox. Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can resul
RemediationAI
Monitor vendor advisories for a patch.
More in Virtualbox
View allVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized creation, deletion or
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized ability to cause a ha
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized access to critical da
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Same weakness CWE-284 – Improper Access Control
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today