PT-2026-3736 · Oracle+1 · Virtualbox+1
Fstmpr
·
Published
2026-01-01
·
Updated
2026-05-12
·
CVE-2026-21989
CVSS v3.1
8.1
High
| Vector | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Oracle VM VirtualBox versions 7.1.14 and 7.2.4
Description
An easily exploitable issue exists in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). A high-privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs can compromise the software. Successful exploitation may lead to unauthorized creation, deletion, or modification of critical data, complete access to Oracle VM VirtualBox accessible data, and a partial denial of service. Attacks may significantly impact additional products.
Recommendations
Update Oracle VM VirtualBox to a version newer than 7.2.4.
Update Oracle VM VirtualBox to a version newer than 7.1.14.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Virtualbox
Red Os