CVE-2026-21984
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Oracle
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | vm_virtualbox | 7.1.14 |
| oracle | vm_virtualbox | 7.2.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Core component of Oracle VM VirtualBox. It affects versions 7.1.14 and 7.2.4. The vulnerability is difficult to exploit and requires a highly privileged attacker who already has logon access to the infrastructure where Oracle VM VirtualBox runs. If successfully exploited, the attacker can compromise and take over Oracle VM VirtualBox, potentially impacting additional products due to a scope change.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to a complete takeover of Oracle VM VirtualBox, affecting confidentiality, integrity, and availability of the system. This means sensitive data could be exposed or altered, and the availability of services running on Oracle VM VirtualBox could be disrupted. Additionally, because of the scope change, other products relying on Oracle VM VirtualBox may also be significantly impacted.