CVE-2026-21985

6.0 MEDIUM

📋 TL;DR

This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to access sensitive data from VirtualBox. It affects VirtualBox versions 7.1.14 and 7.2.4. The attack could potentially impact other products running on the same system due to scope change.

💻 Affected Systems

Products:
  • Oracle VM VirtualBox
Versions: 7.1.14 and 7.2.4
Operating Systems: All platforms supported by VirtualBox
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker with high privileges (PR:H) on the host system where VirtualBox runs.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of all VirtualBox-accessible data including virtual machine contents, configuration files, and potentially sensitive host system information.

🟠

Likely Case

Unauthorized access to VirtualBox configuration data, virtual machine metadata, and potentially sensitive information stored within VirtualBox-managed resources.

🟢

If Mitigated

Limited impact if proper access controls and privilege separation are implemented, though data confidentiality remains at risk.

🌐 Internet-Facing: LOW - This is a local vulnerability; the attacker needs high-privileged access to the host system.
🏢 Internal Only: HIGH - Attackers with local administrative access can exploit this to access sensitive VirtualBox data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

The CVSS vector rates the flaw as easy to exploit, but exploitation requires high-privileged local access. No public exploit details were available as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 7.1.14 and 7.2.4 (check Oracle's Critical Patch Update for exact fixed versions)

Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2026.html

Restart Required: Yes

Instructions:

1. Download the latest VirtualBox version from the Oracle website.
2. Uninstall the current version.
3. Install the updated version.
4. Restart the host system.
5. Verify that virtual machines function correctly.

🔧 Temporary Workarounds

Restrict Local Administrative Access

Platform: all

Limit the number of users with administrative privileges on systems running VirtualBox.

Isolate VirtualBox Host Systems

Platform: all

Ensure VirtualBox hosts are on isolated network segments with strict access controls.

🧯 If You Can't Patch

  • Implement strict access controls to limit who has administrative privileges on VirtualBox host systems.
  • Monitor for unusual access patterns to VirtualBox files and directories by privileged users.

🔍 How to Verify

Check if Vulnerable:

Check the VirtualBox version: run 'VBoxManage --version' (the same command on Windows, Linux and macOS) or check the About dialog in the GUI.

Check Version:

VBoxManage --version

Verify Fix Applied:

Verify installed version is newer than 7.1.14 and 7.2.4 using 'VBoxManage --version' command.
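The version check above can be scripted for a fleet of hosts. The following is an added example, not code from Oracle or from this advisory page: it classifies a `VBoxManage --version` string against the two versions listed here. The status labels are this example's own, and releases older than the listed ones are reported as `unlisted` because the page does not say whether they are affected.

```shell
#!/bin/sh
# Added example: compare a `VBoxManage --version` string with the versions
# this page lists as affected (7.1.14 and 7.2.4).

# Print "major minor patch" for inputs such as "7.1.14r170995" or
# "7.2.4_Ubuntur170000" (constructed samples); print nothing if unparseable.
parse_vbox_version() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p'
}

# Echo one of:
#   affected  - exactly a version the page lists
#   newer     - later than the listed version (confirm the fixed release in Oracle's CPU)
#   unlisted  - older release or a branch the page does not mention; check the advisory
#   unparsed  - input is not a VirtualBox version string
vbox_cve_status() (
    set -- $(parse_vbox_version "$1")
    [ $# -eq 3 ] || { echo unparsed; exit 0; }
    major=$1 minor=$2 patch=$3
    case "$major.$minor" in
        7.1) listed=14 ;;
        7.2) listed=4 ;;
        *)  if [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -gt 2 ]; }; then
                echo newer
            else
                echo unlisted
            fi
            exit 0 ;;
    esac
    if   [ "$patch" -eq "$listed" ]; then echo affected
    elif [ "$patch" -gt "$listed" ]; then echo newer
    else echo unlisted
    fi
)

# Run against the local install when VBoxManage is on PATH.
if command -v VBoxManage >/dev/null 2>&1; then
    # Use the last output line in case warnings precede the version.
    v=$(VBoxManage --version 2>/dev/null | tail -n 1)
    echo "$v: $(vbox_cve_status "$v")"
fi
```

A result of `newer` or `unlisted` still needs to be checked against the vendor advisory, since this page does not give the exact fixed versions.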

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to VirtualBox configuration files
  • Multiple failed privilege escalation attempts followed by VirtualBox data access

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

source="security_logs" AND (event_type="file_access" AND file_path LIKE "%VirtualBox%" AND user="admin")
