CVE-2026-35250: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. in Oracle Corporation Oracle VM VirtualBox
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
AI Analysis
Technical Summary
This vulnerability affects the Core component of Oracle VM VirtualBox version 7.2.6. It can be exploited by an attacker who already has high privileges and logon access to the infrastructure where Oracle VM VirtualBox runs. Exploitation results in unauthorized ability to cause a partial denial of service condition impacting the availability of Oracle VM VirtualBox. The CVSS 3.1 base score is 2.3, reflecting low severity with an attack vector requiring local access and high privileges. The vulnerability does not impact confidentiality or integrity.
Potential Impact
Successful exploitation can cause a partial denial of service of Oracle VM VirtualBox, affecting availability only. There is no impact on confidentiality or integrity. The attack requires the attacker to have high privileges and logon access to the host infrastructure. No known exploits in the wild have been reported.
Mitigation Recommendations
Oracle has included this vulnerability in its April 2026 Critical Patch Update advisory. Customers are strongly advised to apply the April 2026 Critical Patch Update promptly to address this and other vulnerabilities. Since the vendor advisory does not explicitly state the patch status for Oracle VM VirtualBox 7.2.6, users should consult the April 2026 Critical Patch Update documentation for the exact patch availability and installation instructions. Maintaining up-to-date patches is critical as Oracle reports attackers have successfully exploited vulnerabilities when patches were not applied.
CVE-2026-35250: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. in Oracle Corporation Oracle VM VirtualBox
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the Core component of Oracle VM VirtualBox version 7.2.6. It can be exploited by an attacker who already has high privileges and logon access to the infrastructure where Oracle VM VirtualBox runs. Exploitation results in unauthorized ability to cause a partial denial of service condition impacting the availability of Oracle VM VirtualBox. The CVSS 3.1 base score is 2.3, reflecting low severity with an attack vector requiring local access and high privileges. The vulnerability does not impact confidentiality or integrity.
Potential Impact
Successful exploitation can cause a partial denial of service of Oracle VM VirtualBox, affecting availability only. There is no impact on confidentiality or integrity. The attack requires the attacker to have high privileges and logon access to the host infrastructure. No known exploits in the wild have been reported.
Mitigation Recommendations
Oracle has included this vulnerability in its April 2026 Critical Patch Update advisory. Customers are strongly advised to apply the April 2026 Critical Patch Update promptly to address this and other vulnerabilities. Since the vendor advisory does not explicitly state the patch status for Oracle VM VirtualBox 7.2.6, users should consult the April 2026 Critical Patch Update documentation for the exact patch availability and installation instructions. Maintaining up-to-date patches is critical as Oracle reports attackers have successfully exploited vulnerabilities when patches were not applied.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-04-01T20:03:40.834Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5b119fe3cd2cdfa01b4
Added to database: 4/21/2026, 9:01:37 PM
Last enriched: 4/21/2026, 9:17:20 PM
Last updated: 4/22/2026, 7:32:36 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.