PT-2026-3705 · Oracle · VirtualBox · Nini
Published 2026-01-01 · Updated 2026-05-12
CVE-2026-21957
CVSS v3.1: 7.5 (High)
| Vector | AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Oracle VM VirtualBox versions 7.1.14 through 7.2.4
Description
The issue resides in the Core component of Oracle VM VirtualBox and is caused by insufficient input validation. Exploitation may allow an attacker to gain full control over the application and compromise Oracle VM VirtualBox. A successful attack can result in a takeover of Oracle VM VirtualBox and, because the scope is changed, may significantly impact additional products on the host. The vulnerability is difficult to exploit and requires a high-privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox is running. It can be leveraged to achieve arbitrary address read/write (AAR/AAW) and facilitate a VM escape.
Recommendations
Oracle VM VirtualBox version 7.1.14 should be updated.
Oracle VM VirtualBox version 7.2.4 should be updated.
Tags: Fix · RCE · Improper Privilege Management
Related Identifiers
Affected Products: VirtualBox · Red OS