PT-2026-3704 · Oracle+1 · Virtualbox+1

Gangmin Kim +2 · Published 2026-01-01 · Updated 2026-05-12 · CVE-2026-21956

CVSS v3.1: 8.2 High

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Oracle VM VirtualBox versions 7.1.14 and 7.2.4

Description

An easily exploitable issue exists in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). A high-privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs can compromise the software. Successful attacks can lead to a takeover of Oracle VM VirtualBox and may significantly impact additional products.

Recommendations

Update Oracle VM VirtualBox version 7.1.14 to a newer, fixed version. Update Oracle VM VirtualBox version 7.2.4 to a newer, fixed version.

Fix

LPE

RCE

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2026-00840
CVE-2026-21956
ZDI-26-103

Affected Products

Virtualbox
Red Os