CVE-2026-21963

CVSS v3.1

6.0

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions 7.1.14 and 7.2.4

Description An easily exploitable issue exists in the Oracle VM VirtualBox Core component, potentially allowing a high-privileged attacker with access to the system where Oracle VM VirtualBox runs to compromise the software. Successful exploitation could lead to unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. Attacks may significantly impact additional products.

Recommendations Versions prior to 7.1.14 and 7.2.4 should be updated.

Fix

RCE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-269

Related Identifiers

BDU:2026-00722

CVE-2026-21963

ZDI-26-101

Affected Products

Virtualbox

Red Os

CVE-2026-21963

Weakness Enumeration

Related Identifiers

Affected Products

References · 17