CVE-2026-35249

LOW

3.2

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).

Details CVE

Score CVSS v3.13.2

SeveriteLOW

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisHIGH

Interaction utilisateurNONE

Publie4/21/2026

Derniere modification4/22/2026

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-284

References

https://www.oracle.com/security-alerts/cpuapr2026.html(secalert_us@oracle.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.