Virtualbox
CVE-2026-21989
HIGH
Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Lifecycle Timeline
2DescriptionCVE.org
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
AnalysisAI
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized creation, deletion or modification access to critical data or all O (CVSS 8.1).
Technical ContextAI
affects Vm Virtualbox. Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result
RemediationAI
Monitor vendor advisories for a patch.
More in Virtualbox
View allVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to takeover of Oracle VM VirtualBox (
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized ability to cause a ha
Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized access to critical da
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that ar
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today