CVE-2026-35250
Received - Intake
Partial DoS via Privilege Escalation in Oracle VM VirtualBox Core

Publication date: 2026-04-21

Last updated on: 2026-04-23

Assigner: Oracle

Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
Meta Information
Published: 2026-04-21
Last Modified: 2026-04-23
Generated: 2026-05-07
AI Q&A: 2026-04-22
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
oracle | vm_virtualbox | 7.2.6
CWE ID | Description
CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Oracle VM VirtualBox product, specifically in version 7.2.6. It is an easily exploitable flaw that allows a highly privileged attacker who already has access to the infrastructure running Oracle VM VirtualBox to compromise the VirtualBox software.

The vulnerability can be used to cause a partial denial of service (partial DOS) affecting Oracle VM VirtualBox.


How can this vulnerability impact me?

If exploited, this vulnerability can allow an attacker with high privileges to cause a partial denial of service on Oracle VM VirtualBox. This means that parts of the VirtualBox service may become unavailable or disrupted, potentially impacting the availability of virtualized environments running on this platform.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in Oracle VM VirtualBox allows a high privileged attacker to cause a partial denial of service (partial DOS) but does not impact confidentiality or integrity.

Since the vulnerability only affects availability and does not lead to unauthorized disclosure or modification of data, its direct impact on compliance with standards like GDPR or HIPAA, which primarily focus on data protection and privacy, is limited.

However, availability is a component of these regulations, so organizations relying on Oracle VM VirtualBox should consider the potential for service disruption in their risk assessments and mitigation strategies.

