CVE-2026-21955

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions 7.1.14 and 7.2.4

Description An easily exploitable issue exists in the Oracle VM VirtualBox Core component, potentially allowing a high-privileged attacker with access to the system where Oracle VM VirtualBox runs to compromise the software. Successful exploitation can lead to a takeover of Oracle VM VirtualBox, and may significantly impact additional products.

Recommendations Update Oracle VM VirtualBox version 7.1.14 to a later version. Update Oracle VM VirtualBox version 7.2.4 to a later version.

Fix

LPE

RCE

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-400

Related Identifiers

BDU:2026-00844

CVE-2026-21955

ZDI-26-098

Affected Products

Virtualbox

Red Os

CVE-2026-21955

Weakness Enumeration

Related Identifiers

Affected Products

References · 18