Virtualbox
CVE-2026-21985
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
AnalysisAI
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized access to critical data or complete access to all Oracle VM Virtual (CVSS 6.0).
Technical ContextAI
affects Vm Virtualbox. Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result
RemediationAI
Monitor vendor advisories for a patch.
More in Virtualbox
View allVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized creation, deletion or
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized ability to cause a ha
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vendor StatusVendor
SUSE
Severity: LowShare
External POC / Exploit Code
Leaving vuln.today