CVE-2026-21982

CVSS v3.1

7.5

High

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions 7.1.14 and 7.2.4

Description A difficult to exploit issue exists in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). An unauthenticated attacker with access to the physical communication segment attached to the hardware where Oracle VM VirtualBox executes can compromise the software. Successful attacks can result in a takeover of Oracle VM VirtualBox.

Recommendations Update Oracle VM VirtualBox to a version later than 7.1.14. Update Oracle VM VirtualBox to a version later than 7.2.4.

Fix

RCE

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-284

Related Identifiers

BDU:2026-00724

CVE-2026-21982

Affected Products

Virtualbox

Red Os

CVE-2026-21982

Weakness Enumeration

Related Identifiers

Affected Products

References · 19