Exploitable Vulnerability in Oracle VM VirtualBox by Oracle
CVE-2026-35249

3.2LOW

Key Information:

Vendor: Oracle
Status: Oracle Vm Virtualbox
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-35249?

An easily exploitable vulnerability exists in Oracle VM VirtualBox, specifically affecting version 7.2.6. This vulnerability allows a high privileged attacker, who has logged onto the infrastructure hosting Oracle VM VirtualBox, to compromise the virtual environment. The implications of a successful attack can lead to unauthorized updates, insertions, or deletions of data accessible by Oracle VM VirtualBox. Though isolated to this product, the potential for impact on related systems underscores the importance of effective security measures and monitoring.

Affected Version(s)

Oracle VM VirtualBox 7.2.6

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 1, 2026

CVE-2026-35249 Data

JSON