216.73.217.64

CVE-2026-21982

· Published 20/01/2026 22:16 · Modified 21/01/2026 15:16

Labels: CVE-2026-21982 2026-01-20CVE-2026-21982CWE-284[email protected]

Essential information

Published
20/01/2026 22:16
Modified
21/01/2026 15:16
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
oracle / oracle vm virtualbox cpe:2.3:a:oracle:oracle_vm_virtualbox:7.1.14:*:*:*:*:*:*:*
oracle / oracle vm virtualbox cpe:2.3:a:oracle:oracle_vm_virtualbox:7.2.4:*:*:*:*:*:*:*

References