CVE-2026-21984

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:oracle:vm_virtualbox:7.1.14:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:oracle:vm_virtualbox:7.2.4:*:*:*:*:*:*:* - VULNERABLE

Oracle VM VirtualBox 7.1.14

Oracle VM VirtualBox 7.2.4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2026-21984 PoC - Oracle VM VirtualBox Local Privilege Escalation
# Note: This is a conceptual PoC based on the vulnerability description
# Actual exploitation requires specific conditions and high privileges

import subprocess
import os

def check_virtualbox_version():
    """Check if vulnerable VirtualBox version is installed"""
    try:
        result = subprocess.run(['VBoxManage', '--version'], 
                              capture_output=True, text=True)
        version = result.stdout.strip()
        print(f"[*] Detected VirtualBox version: {version}")
        
        # Check for vulnerable versions: 7.1.14 and 7.2.4
        vulnerable_versions = ['7.1.14', '7.2.4']
        for vuln_ver in vulnerable_versions:
            if vuln_ver in version:
                print(f"[!] System is running vulnerable version: {vuln_ver}")
                return True
        return False
    except Exception as e:
        print(f"[-] Error checking VirtualBox: {e}")
        return False

def verify_privileges():
    """Verify if current user has high privileges required for exploitation"""
    current_user = os.getenv('USERNAME') or os.getenv('USER')
    print(f"[*] Current user: {current_user}")
    print("[!] Exploitation requires high-privileged attacker with logon access")
    return True

def demonstrate_vulnerability():
    """Demonstrate the vulnerability conditions"""
    print("=" * 60)
    print("CVE-2026-21984 - Oracle VM VirtualBox Local Privilege Escalation")
    print("=" * 60)
    
    # Check if VirtualBox is vulnerable
    is_vulnerable = check_virtualbox_version()
    
    # Verify privileges
    has_privileges = verify_privileges()
    
    if is_vulnerable and has_privileges:
        print("[+] System appears vulnerable to CVE-2026-21984")
        print("[+] Attack requirements met:")
        print("    - Local access to VirtualBox host")
        print("    - High-privileged user account")
        print("    - VirtualBox 7.1.14 or 7.2.4 installed")
        print("[+] Recommendation: Apply Oracle security patch immediately")
    else:
        print("[-] System may not be vulnerable or conditions not met")

if __name__ == "__main__":
    demonstrate_vulnerability()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-21984
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-21984
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-21984/
[4] VulDB https://vuldb.com/cve/CVE-2026-21984
[5] https://www.oracle.com/security-alerts/cpujan2026.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-21984", "sourceIdentifier": "[email protected]", "published": "2026-01-20T22:16:01.880", "lastModified": "2026-01-29T14:40:13.757", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). Las versiones soportadas que están afectadas son 7.1.14 y 7.2.4. Vulnerabilidad difícil de explotar permite a un atacante con altos privilegios con inicio de sesión en la infraestructura donde se ejecuta Oracle VM VirtualBox comprometer Oracle VM VirtualBox. Aunque la vulnerabilidad está en Oracle VM VirtualBox, los ataques pueden impactar significativamente productos adicionales (cambio de alcance). Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Oracle VM VirtualBox. Puntuación Base CVSS 3.1 7.5 (impactos en Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 6.0}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:vm_virtualbox:7.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "723CD90A-7213-4B3C-B969-C6D7110CAF46"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:vm_virtualbox:7.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "44ABFABE-8FFC-48CF-B627-4241CAD563B6"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2026.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}