Security Vulnerability Report
CVE-2026-21986 CVSS 7.1 HIGH

Published: 2026-01-20 22:16:02
Last Modified: 2026-01-29 14:39:59

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 7.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

CVSS Details

CVSS Score: 7.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Configurations (Affected Products)

Oracle VM VirtualBox 7.1.14 - cpe:2.3:a:oracle:vm_virtualbox:7.1.14:*:*:*:*:*:*:* - VULNERABLE
Oracle VM VirtualBox 7.2.4 - cpe:2.3:a:oracle:vm_virtualbox:7.2.4:*:*:*:*:*:*:* - VULNERABLE

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2026-21986 PoC - Oracle VM VirtualBox Local DoS
Note: This is a conceptual PoC for vulnerability detection
Actual exploitation requires specific trigger conditions
"""
import re
import subprocess
import sys


def check_virtualbox_version():
    """Check if VirtualBox is installed and get version"""
    try:
        result = subprocess.run(['VBoxManage', '--version'],
                                capture_output=True, text=True, timeout=5)
        if result.returncode == 0:
            version = result.stdout.strip()
            print(f"[*] VirtualBox Version: {version}")
            return version
        print("[-] VirtualBox not found or not accessible")
        return None
    except Exception as e:
        # FileNotFoundError (VBoxManage not in PATH) and TimeoutExpired land here
        print(f"[-] Error checking VirtualBox: {e}")
        return None


def list_virtual_machines():
    """List all registered VirtualBox VMs"""
    try:
        result = subprocess.run(['VBoxManage', 'list', 'vms'],
                                capture_output=True, text=True, timeout=5)
        if result.returncode == 0:
            # Each line has the form: "vm name" {uuid}; drop empty lines
            vms = [line for line in result.stdout.strip().split('\n') if line]
            print(f"[*] Found {len(vms)} Virtual Machine(s)")
            for vm in vms:
                print(f"    {vm}")
            return vms
    except Exception as e:
        print(f"[-] Error listing VMs: {e}")
    return []


def check_vm_status(vm_name):
    """Check specific VM running status"""
    try:
        result = subprocess.run(['VBoxManage', 'showvminfo', vm_name, '--machinereadable'],
                                capture_output=True, text=True, timeout=10)
        if result.returncode == 0:
            for line in result.stdout.split('\n'):
                if line.startswith('VMState='):
                    state = line.split('=', 1)[1].strip('"')
                    print(f"[*] VM '{vm_name}' State: {state}")
                    return state
    except Exception as e:
        print(f"[-] Error checking VM status: {e}")
    return None


def detect_vulnerability(version):
    """Detect if VirtualBox version is vulnerable to CVE-2026-21986"""
    vulnerable_versions = ['7.1.14', '7.2.4']
    if version:
        # VBoxManage --version prints the version followed by a build suffix
        # (e.g. "7.1.14r<revision>"), so keep only the leading major.minor.patch.
        # The original truncated to major.minor ("7.1"), which never matched the list.
        match = re.match(r'(\d+\.\d+\.\d+)', version)
        main_version = match.group(1) if match else version
        if main_version in vulnerable_versions:
            print(f"[!] VULNERABLE: Version {version} is affected by CVE-2026-21986")
            print("[!] This vulnerability allows local attackers to cause DoS")
            print("[!] Only affects Windows virtual machines")
            return True
        print(f"[*] Version {version} may not be affected")
        return False
    return None


def main():
    print("=" * 60)
    print("CVE-2026-21986 Vulnerability Checker")
    print("Oracle VM VirtualBox Core DoS Vulnerability")
    print("=" * 60)

    # Check VirtualBox installation
    version = check_virtualbox_version()
    if not version:
        print("[-] VirtualBox not installed or not in PATH")
        sys.exit(1)

    # List VMs
    vms = list_virtual_machines()

    # Check vulnerability status
    is_vulnerable = detect_vulnerability(version)

    # Check running VMs status
    if vms:
        print("\n[*] Checking VM statuses...")
        for vm_line in vms:
            if '"' in vm_line:
                vm_name = vm_line.split('"')[1]
                check_vm_status(vm_name)

    print("\n[*] Remediation: Upgrade to latest VirtualBox version")
    print("[*] Reference: https://www.oracle.com/security-alerts/cpujan2026.html")


if __name__ == "__main__":
    main()
```

References

https://www.oracle.com/security-alerts/cpujan2026.html (Vendor Advisory)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-21986",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-20T22:16:02.120",
    "lastModified": "2026-01-29T14:39:59.450",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 7.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)."
      },
      {
        "lang": "es",
        "value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). Versiones compatibles que están afectadas son 7.1.14 y 7.2.4. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con inicio de sesión en la infraestructura donde se ejecuta Oracle VM VirtualBox comprometer Oracle VM VirtualBox. Aunque la vulnerabilidad está en Oracle VM VirtualBox, los ataques pueden impactar significativamente productos adicionales (cambio de alcance). Ataques exitosos de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar un bloqueo o un fallo repetible con frecuencia (DoS completo) de Oracle VM VirtualBox. Nota: Esta vulnerabilidad se aplica solo a las máquinas virtuales de Windows. Puntuación Base CVSS 3.1 7.1 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.5,
          "impactScore": 4.0
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:vm_virtualbox:7.1.14:*:*:*:*:*:*:*",
                "matchCriteriaId": "723CD90A-7213-4B3C-B969-C6D7110CAF46"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:vm_virtualbox:7.2.4:*:*:*:*:*:*:*",
                "matchCriteriaId": "44ABFABE-8FFC-48CF-B627-4241CAD563B6"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.oracle.com/security-alerts/cpujan2026.html",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```