ZDI-26-100 MEDIUM 6.0 Published Feb 13, 2026

Oracle VirtualBox LsiLogic Uninitialized Memory Information Disclosure Vulnerability

Oracle

Oracle VirtualBox contains a local information disclosure vulnerability (CVE-2026-21985) that allows privileged attackers to access sensitive data on affected guest systems. An attacker must already have high-level code execution capabilities on the target guest to exploit this flaw. Security teams should apply Oracle's patches promptly and restrict high-privilege access on VirtualBox guest systems to limit exploitation risk.

Related CVEs

CVE-2026-21985

Tags

Information Disclosure Memory Corruption Oracle Virtualbox

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy