CVE-2026-21982
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | vm_virtualbox | 7.1.14 |
| oracle | vm_virtualbox | 7.2.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle VM VirtualBox product (versions 7.1.14 and 7.2.4) and affects its core component. It is difficult to exploit and requires an unauthenticated attacker to have access to the physical communication segment attached to the hardware running Oracle VM VirtualBox. If successfully exploited, the attacker can take over the Oracle VM VirtualBox, impacting confidentiality, integrity, and availability.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to a complete takeover of the Oracle VM VirtualBox environment. This means an attacker could compromise the confidentiality, integrity, and availability of the virtual machine and potentially any data or operations running within it.