Core Vulnerability in Oracle VM VirtualBox by Oracle
CVE-2026-35250

2.3LOW

Key Information:

Vendor: Oracle
Status: Oracle Vm Virtualbox
Vendor: CVE Published:; 21 April 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-35250?

An exploitable vulnerability exists within Oracle VM VirtualBox, specifically in its core components. A privileged attacker with access to the infrastructure can exploit this weakness to compromise the functionality of Oracle VM VirtualBox. Successful exploitation may result in a partial denial of service, affecting the availability of the virtual machine environment. The vulnerability specifically impacts version 7.2.6, demanding immediate attention from administrators to safeguard their systems.

Affected Version(s)

Oracle VM VirtualBox 7.2.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-35250
Created by xooxo

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 8, 2026
👾
Exploit known to exist
May 8, 2026
Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 1, 2026

CVE-2026-35250 Data

JSON