HomeOracleCVE-2026-21985

CVE-2026-21985

MEDIUM
6.0CVSS
Published: 2026-01-20
Updated: 2026-01-29
AI Analysis

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVSS Metrics

Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector
local
Complexity
low
Privileges
high
User Action
none
Scope
changed
Confidentiality
high
Integrity
none
Availability
none
Weaknesses
NVD-CWE-noinfo

Metadata

Primary Vendor
ORACLE
Published
1/20/2026
Last Modified
1/29/2026
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

oracle : vm_virtualboxoracle : vm_virtualbox

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2026-21985 | MEDIUM Severity | CVEDatabase.com | CVEDatabase.com