Vulnerability in Oracle VM VirtualBox Affects Oracle Virtualization
CVE-2026-35248

5MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Vm Virtualbox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-35248?

A vulnerability exists in Oracle VM VirtualBox that allows high-privileged attackers with logon access to the infrastructure hosting the virtualization service to compromise its integrity. This flaw can lead to unauthorized operations, including updates, inserts, or deletions of critical data within Oracle VM VirtualBox. Additionally, it permits unauthorized read access to select data and the potential to induce a partial denial of service, significantly affecting the functionality and reliability of the virtualization environment.

Affected Version(s)

Oracle VM VirtualBox 7.2.6

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 1, 2026

CVE-2026-35248 Data

JSON