CVE-2026-21989

8.1 HIGH

📋 TL;DR

This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to compromise VirtualBox, potentially affecting other products through scope change. Successful exploitation can lead to unauthorized data access, modification, or deletion, and partial denial of service. Affected versions are 7.1.14 and 7.2.4.

💻 Affected Systems

Products:
  • Oracle VM VirtualBox
Versions: 7.1.14 and 7.2.4
Operating Systems: All platforms running affected VirtualBox versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a high-privileged attacker with logon access to the infrastructure where VirtualBox executes.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains complete control over VirtualBox and potentially other connected systems, leading to data theft, system compromise, and service disruption across the virtualization environment.

🟠 Likely Case

A privileged local attacker compromises VirtualBox instances, accessing or modifying virtual machine data and causing service degradation.

🟢 If Mitigated

With proper access controls and isolation, the impact is limited to the VirtualBox component only, with minimal data exposure.

🌐 Internet-Facing: LOW - Requires local access to host system, not directly exploitable over network.
🏢 Internal Only: HIGH - Local attackers with high privileges can exploit this to compromise virtualization infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

CVSS rates this as easily exploitable, but exploitation requires high-privileged local access. No public exploit details are available yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 7.1.14 and 7.2.4 (check Oracle advisory for specific fixed versions)

Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2026.html

Restart Required: Yes

Instructions:

1. Download the latest VirtualBox version from the Oracle website.
2. Uninstall the current version.
3. Install the updated version.
4. Restart the host system.

🔧 Temporary Workarounds

Restrict Local Access (all platforms)

Limit local administrative access to VirtualBox hosts to trusted personnel only

Network Segmentation (all platforms)

Isolate VirtualBox hosts from critical network segments

🧯 If You Can't Patch

  • Implement strict access controls to limit who can log into VirtualBox host systems
  • Monitor VirtualBox hosts for unusual activity and maintain comprehensive audit logs

🔍 How to Verify

Check if Vulnerable:

Check VirtualBox version: On Windows: 'VBoxManage --version', On Linux: 'vboxmanage --version' or 'VirtualBox --help'

Check Version:

VBoxManage --version (Windows/Linux)

Verify Fix Applied:

Verify that the installed version is higher than 7.1.14 (on the 7.1 branch) or 7.2.4 (on the 7.2 branch) using the version check command
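
The version check above can be scripted for a fleet sweep. This is an added example, not code from Oracle or from this page: it strips the build suffix from the `VBoxManage --version` output and compares the result with the two versions listed here. The `r<build>` suffix format and the function names are assumptions.

```shell
#!/bin/sh
# Added example: classify a VirtualBox version string against the versions
# this page lists as affected (7.1.14 and 7.2.4).

# Reduce "7.1.14r170000" or "7.1.14_Ubuntur170000" to "7.1.14".
# The r<build> suffix format is an assumption about VBoxManage output.
vbox_base_version() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Prints one of: affected | newer | older | other-branch | unparsed
vbox_cve_status() {
    base=$(vbox_base_version "$1")
    [ -n "$base" ] || { echo unparsed; return; }
    branch=${base%.*}   # e.g. 7.1
    patch=${base##*.}   # e.g. 14
    case "$branch" in
        7.1) listed=14 ;;
        7.2) listed=4 ;;
        *)   echo other-branch; return ;;  # not covered by this page
    esac
    if [ "$patch" -eq "$listed" ]; then
        echo affected
    elif [ "$patch" -gt "$listed" ]; then
        echo newer      # higher than the listed version on this branch
    else
        echo older      # not listed here; consult the vendor advisory
    fi
}

# When VirtualBox is installed, report the status of the local host.
for cmd in VBoxManage vboxmanage; do
    if command -v "$cmd" >/dev/null 2>&1; then
        # Take the last line in case warnings are printed before the version.
        ver=$("$cmd" --version 2>/dev/null | tail -n 1)
        echo "$cmd reports $ver: $(vbox_cve_status "$ver")"
        break
    fi
done
```

A result of `older` or `other-branch` means this page does not cover that version; check the Oracle advisory linked above before treating the host as unaffected.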

📡 Detection & Monitoring

Log Indicators:

  • Unusual VirtualBox process activity
  • Unexpected VirtualBox service restarts
  • Suspicious local authentication events on VirtualBox hosts

Network Indicators:

  • Unusual traffic from VirtualBox hosts to other systems

SIEM Query:

(source="VirtualBox" AND (event_type="error" OR event_type="critical")) OR (process_name="VBox*" AND action="unusual")
