PT-2026-3730 · Oracle+1 · Virtualbox+1

Xiaobye

Published

2026-01-01

Updated

2026-05-12

CVE-2026-21983

CVSS v3.1

7.5

High

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions 7.1.14 through 7.2.4

Description A difficult to exploit issue exists within the Core component of Oracle VM VirtualBox. A highly privileged attacker with access to the system where Oracle VM VirtualBox is running can compromise the software. Successful exploitation can lead to a takeover of Oracle VM VirtualBox and may significantly impact other products.

Recommendations Update Oracle VM VirtualBox to a version later than 7.2.4. Update Oracle VM VirtualBox to a version later than 7.1.14.

Fix

LPE

Improper Privilege Management

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-20

Related Identifiers

BDU:2026-00842

CVE-2026-21983

ZDI-26-097

Affected Products

Virtualbox

Red Os

PT-2026-3730 · Oracle+1 · Virtualbox+1

CVE-2026-21983

Weakness Enumeration

Related Identifiers

Affected Products

References · 21