PT-2026-3735 · Oracle+1 · Virtualbox+1
Zhenghao Li
·
Published
2026-01-01
·
Updated
2026-05-12
·
CVE-2026-21988
CVSS v3.1
8.2
High
| Vector | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Oracle VM VirtualBox versions 7.1.14 and 7.2.4
Description
An easily exploitable issue exists in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). A high-privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs can compromise the software. Successful exploitation can lead to a takeover of Oracle VM VirtualBox and may significantly impact additional products.
Recommendations
Update Oracle VM VirtualBox to a version newer than 7.2.4.
Update Oracle VM VirtualBox to a version newer than 7.1.14.
Fix
Protection Mechanism Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Virtualbox
Red Os