Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
Published: 2026-04-21
Score: 2.3 Low
EPSS: n/a
KEV: No
Impact: Partial Denial of Service
Action: Patch
AI Analysis

Impact

This vulnerability exists in the core component of Oracle VM VirtualBox version 7.2.6. It permits an attacker who has logged on to the host system with high privileges to trigger a partial denial of service of the VirtualBox service without requiring user interaction. The flaw does not affect confidentiality or integrity; the impact is limited to the availability of VirtualBox.

Affected Systems

Oracle Corporation’s virtual machine product – Oracle VM VirtualBox – version 7.2.6 is affected. No other VirtualBox versions or components are listed as vulnerable.

Risk and Exploitability

The CVSS v3.1 Base Score of 2.3 indicates low risk, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Because the attack vector is local and requires a high‑privilege host account, the threat is confined to hosts where such accounts exist. Despite the low CVSS score, the availability impact can degrade operations and the potential for disruption warrants timely remediation.

Generated by OpenCVE AI on April 22, 2026 at 06:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Oracle VM VirtualBox to a patched version that addresses the denial‑of‑service issue.
  • Enforce the principle of least privilege on the host to restrict high‑privileged users from freely accessing VirtualBox functionality.
  • If remote management of VirtualBox is not required, disable or limit remote access features to reduce the attack surface.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 06:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-400 |

Wed, 22 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). |
| First Time appeared | | Oracle; Oracle vm Virtualbox |
| CPEs | | `cpe:2.3:a:oracle:vm_virtualbox:7.2.6:*:*:*:*:*:*:*` |
| Vendors & Products | | Oracle; Oracle vm Virtualbox |
| References | | |
| Metrics | | cvssV3_1: `{'score': 2.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L'}` |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:53.562Z

Reserved: 2026-04-01T20:03:40.834Z

Link: CVE-2026-35250

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:41.280

Modified: 2026-04-21T21:16:41.280

Link: CVE-2026-35250

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T06:30:10Z

Weaknesses