CVE-2026-21987

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions 7.1.14 and 7.2.4

Description An easily exploitable issue exists in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). A high-privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs can compromise the software. Successful exploitation can lead to a takeover of Oracle VM VirtualBox and may significantly impact additional products.

Recommendations Oracle VM VirtualBox version 7.1.14 should be updated. Oracle VM VirtualBox version 7.2.4 should be updated.

Fix

RCE

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-200

Related Identifiers

BDU:2026-00845

CVE-2026-21987

Affected Products

Virtualbox

Oracle Virtualization

Red Os

CVE-2026-21987

Weakness Enumeration

Related Identifiers

Affected Products

References · 18