Critical Vulnerability in Oracle VM VirtualBox Affects Oracle Virtualization
CVE-2026-35230

7.5HIGH

Key Information:

Vendor: Oracle
Status: Oracle Vm Virtualbox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-35230?

A serious vulnerability has been identified in Oracle VM VirtualBox, specifically in the core component of the Oracle Virtualization product. This vulnerability affects the supported version 7.2.6 and can be exploited by a high-privilege attacker who has logon access to the infrastructure where Oracle VM VirtualBox operates. The implications of this vulnerability can lead to a takeover of the Oracle VM VirtualBox environment, which may have broader impacts on other interconnected products. Organizations using this version need to implement security measures to safeguard their systems against potential attacks.

Affected Version(s)

Oracle VM VirtualBox 7.2.6

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 1, 2026

CVE-2026-35230 Data

JSON