CVE-2026-21981
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Oracle
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | vm_virtualbox | 7.1.14 |
| oracle | vm_virtualbox | 7.2.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle VM VirtualBox product, specifically in versions 7.1.14 and 7.2.4. It allows a highly privileged attacker who has logged on to the infrastructure where Oracle VM VirtualBox runs to compromise the VirtualBox software. The attacker can gain unauthorized read access to some data accessible by Oracle VM VirtualBox and can also cause a partial denial of service (partial DOS) affecting the availability of the product.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to unauthorized disclosure of some data within Oracle VM VirtualBox and can cause a partial denial of service, which means some functions or services of Oracle VM VirtualBox may become unavailable or degraded. This could disrupt operations relying on VirtualBox and expose sensitive information to attackers with high privileges.