{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "virtualbox",
"binary_version": "5.1.38-dfsg-0ubuntu1.16.04.3"
},
{
"binary_name": "virtualbox-dkms",
"binary_version": "5.1.38-dfsg-0ubuntu1.16.04.3"
},
{
"binary_name": "virtualbox-guest-dkms",
"binary_version": "5.1.38-dfsg-0ubuntu1.16.04.3"
},
{
"binary_name": "virtualbox-guest-source",
"binary_version": "5.1.38-dfsg-0ubuntu1.16.04.3"
},
{
"binary_name": "virtualbox-guest-utils",
"binary_version": "5.1.38-dfsg-0ubuntu1.16.04.3"
},
{
"binary_name": "virtualbox-guest-x11",
"binary_version": "5.1.38-dfsg-0ubuntu1.16.04.3"
},
{
"binary_name": "virtualbox-qt",
"binary_version": "5.1.38-dfsg-0ubuntu1.16.04.3"
},
{
"binary_name": "virtualbox-source",
"binary_version": "5.1.38-dfsg-0ubuntu1.16.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "virtualbox",
"purl": "pkg:deb/ubuntu/virtualbox@5.1.38-dfsg-0ubuntu1.16.04.3?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.0.4-dfsg-2",
"5.0.8-dfsg-1",
"5.0.10-dfsg-1",
"5.0.10-dfsg-2",
"5.0.10-dfsg-3",
"5.0.10-dfsg-4",
"5.0.10-dfsg-5",
"5.0.10-dfsg-6",
"5.0.10-dfsg-7",
"5.0.12-dfsg-1",
"5.0.12-dfsg-2",
"5.0.14-dfsg-1",
"5.0.14-dfsg-2",
"5.0.14-dfsg-2build1",
"5.0.16-dfsg-2",
"5.0.16-dfsg-3",
"5.0.18-dfsg-1",
"5.0.18-dfsg-1ubuntu1",
"5.0.18-dfsg-2",
"5.0.18-dfsg-2build1",
"5.0.18-dfsg-2ubuntu1",
"5.0.24-dfsg-0ubuntu1.16.04.1",
"5.0.32-dfsg-0ubuntu1.16.04.2",
"5.0.36-dfsg-0ubuntu1.16.04.2",
"5.0.40-dfsg-0ubuntu1.16.04.1",
"5.0.40-dfsg-0ubuntu1.16.04.2",
"5.1.34-dfsg-0ubuntu1.16.04.2",
"5.1.38-dfsg-0ubuntu1.16.04.1",
"5.1.38-dfsg-0ubuntu1.16.04.2",
"5.1.38-dfsg-0ubuntu1.16.04.3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "virtualbox",
"binary_version": "5.2.42-dfsg-0~ubuntu1.18.04.1"
},
{
"binary_name": "virtualbox-dkms",
"binary_version": "5.2.42-dfsg-0~ubuntu1.18.04.1"
},
{
"binary_name": "virtualbox-guest-dkms",
"binary_version": "5.2.42-dfsg-0~ubuntu1.18.04.1"
},
{
"binary_name": "virtualbox-guest-source",
"binary_version": "5.2.42-dfsg-0~ubuntu1.18.04.1"
},
{
"binary_name": "virtualbox-guest-utils",
"binary_version": "5.2.42-dfsg-0~ubuntu1.18.04.1"
},
{
"binary_name": "virtualbox-guest-x11",
"binary_version": "5.2.42-dfsg-0~ubuntu1.18.04.1"
},
{
"binary_name": "virtualbox-qt",
"binary_version": "5.2.42-dfsg-0~ubuntu1.18.04.1"
},
{
"binary_name": "virtualbox-source",
"binary_version": "5.2.42-dfsg-0~ubuntu1.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "virtualbox",
"purl": "pkg:deb/ubuntu/virtualbox@5.2.42-dfsg-0~ubuntu1.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.1.30-dfsg-1",
"5.2.0-dfsg-1build2",
"5.2.0-dfsg-2",
"5.2.0-dfsg-4",
"5.2.0-dfsg-5",
"5.2.2-dfsg-2",
"5.2.2-dfsg-3~build1",
"5.2.2-dfsg-3",
"5.2.4-dfsg-1",
"5.2.4-dfsg-2",
"5.2.6-dfsg-1",
"5.2.6-dfsg-2",
"5.2.6-dfsg-3",
"5.2.6-dfsg-3build1",
"5.2.6-dfsg-5",
"5.2.8-dfsg-2",
"5.2.8-dfsg-3",
"5.2.8-dfsg-5",
"5.2.8-dfsg-6",
"5.2.8-dfsg-7",
"5.2.10-dfsg-1",
"5.2.10-dfsg-2",
"5.2.10-dfsg-5",
"5.2.10-dfsg-6",
"5.2.10-dfsg-6ubuntu18.04.1",
"5.2.18-dfsg-2~ubuntu18.04.1",
"5.2.18-dfsg-2~ubuntu18.04.3",
"5.2.18-dfsg-2~ubuntu18.04.5",
"5.2.32-dfsg-0~ubuntu18.04.1",
"5.2.34-dfsg-0~ubuntu18.04.1",
"5.2.42-dfsg-0~ubuntu1.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "virtualbox",
"binary_version": "6.1.50-dfsg-1~ubuntu1.20.04.1"
},
{
"binary_name": "virtualbox-dkms",
"binary_version": "6.1.50-dfsg-1~ubuntu1.20.04.1"
},
{
"binary_name": "virtualbox-guest-dkms",
"binary_version": "6.1.50-dfsg-1~ubuntu1.20.04.1"
},
{
"binary_name": "virtualbox-guest-source",
"binary_version": "6.1.50-dfsg-1~ubuntu1.20.04.1"
},
{
"binary_name": "virtualbox-guest-utils",
"binary_version": "6.1.50-dfsg-1~ubuntu1.20.04.1"
},
{
"binary_name": "virtualbox-guest-x11",
"binary_version": "6.1.50-dfsg-1~ubuntu1.20.04.1"
},
{
"binary_name": "virtualbox-qt",
"binary_version": "6.1.50-dfsg-1~ubuntu1.20.04.1"
},
{
"binary_name": "virtualbox-source",
"binary_version": "6.1.50-dfsg-1~ubuntu1.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "virtualbox",
"purl": "pkg:deb/ubuntu/virtualbox@6.1.50-dfsg-1~ubuntu1.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.0.14-dfsg-1",
"6.0.14-dfsg-2~build1",
"6.0.14-dfsg-2",
"6.1.0-dfsg-3build1",
"6.1.0-dfsg-3build2",
"6.1.2-dfsg-1",
"6.1.2-dfsg-1build1",
"6.1.4-dfsg-1",
"6.1.4-dfsg-2~build1",
"6.1.4-dfsg-2",
"6.1.4-dfsg-4",
"6.1.6-dfsg-1",
"6.1.10-dfsg-1~ubuntu1.20.04.1",
"6.1.16-dfsg-6~ubuntu1.20.04.1",
"6.1.16-dfsg-6~ubuntu1.20.04.2",
"6.1.22-dfsg-2~ubuntu1.20.04.1",
"6.1.26-dfsg-3~ubuntu1.20.04.1",
"6.1.26-dfsg-3~ubuntu1.20.04.2",
"6.1.32-dfsg-1~ubuntu1.20.04.1",
"6.1.34-dfsg-3~ubuntu1.20.04.1",
"6.1.38-dfsg-3~ubuntu1.20.04.1",
"6.1.48-dfsg-1~ubuntu1.20.04.1",
"6.1.50-dfsg-1~ubuntu1.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "virtualbox",
"binary_version": "6.1.50-dfsg-1~ubuntu1.22.04.3"
},
{
"binary_name": "virtualbox-dkms",
"binary_version": "6.1.50-dfsg-1~ubuntu1.22.04.3"
},
{
"binary_name": "virtualbox-guest-utils",
"binary_version": "6.1.50-dfsg-1~ubuntu1.22.04.3"
},
{
"binary_name": "virtualbox-guest-x11",
"binary_version": "6.1.50-dfsg-1~ubuntu1.22.04.3"
},
{
"binary_name": "virtualbox-qt",
"binary_version": "6.1.50-dfsg-1~ubuntu1.22.04.3"
},
{
"binary_name": "virtualbox-source",
"binary_version": "6.1.50-dfsg-1~ubuntu1.22.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "virtualbox",
"purl": "pkg:deb/ubuntu/virtualbox@6.1.50-dfsg-1~ubuntu1.22.04.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.1.26-dfsg-4",
"6.1.28-dfsg-1",
"6.1.30-dfsg-1",
"6.1.32-dfsg-1",
"6.1.32-dfsg-1build1",
"6.1.34-dfsg-3~ubuntu1.22.04.1",
"6.1.38-dfsg-3~ubuntu1.22.04.1",
"6.1.48-dfsg-1~ubuntu1.22.04.1",
"6.1.50-dfsg-1~ubuntu1.22.04.1",
"6.1.50-dfsg-1~ubuntu1.22.04.3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "virtualbox",
"binary_version": "7.0.16-dfsg-2ubuntu1.3"
},
{
"binary_name": "virtualbox-dkms",
"binary_version": "7.0.16-dfsg-2ubuntu1.3"
},
{
"binary_name": "virtualbox-guest-utils",
"binary_version": "7.0.16-dfsg-2ubuntu1.3"
},
{
"binary_name": "virtualbox-guest-x11",
"binary_version": "7.0.16-dfsg-2ubuntu1.3"
},
{
"binary_name": "virtualbox-qt",
"binary_version": "7.0.16-dfsg-2ubuntu1.3"
},
{
"binary_name": "virtualbox-source",
"binary_version": "7.0.16-dfsg-2ubuntu1.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "virtualbox",
"purl": "pkg:deb/ubuntu/virtualbox@7.0.16-dfsg-2ubuntu1.3?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.0.10-dfsg-3",
"7.0.12-dfsg-1",
"7.0.12-dfsg-1build1",
"7.0.14-dfsg-1",
"7.0.14-dfsg-2",
"7.0.14-dfsg-4",
"7.0.14-dfsg-4build4",
"7.0.14-dfsg-4build5",
"7.0.16-dfsg-1",
"7.0.16-dfsg-2",
"7.0.16-dfsg-2ubuntu1",
"7.0.16-dfsg-2ubuntu1.1",
"7.0.16-dfsg-2ubuntu1.3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "virtualbox",
"binary_version": "7.2.2-dfsg-2ubuntu0.1"
},
{
"binary_name": "virtualbox-dkms",
"binary_version": "7.2.2-dfsg-2ubuntu0.1"
},
{
"binary_name": "virtualbox-guest-utils",
"binary_version": "7.2.2-dfsg-2ubuntu0.1"
},
{
"binary_name": "virtualbox-guest-utils-hwe",
"binary_version": "7.2.2-dfsg-2ubuntu0.1"
},
{
"binary_name": "virtualbox-guest-x11",
"binary_version": "7.2.2-dfsg-2ubuntu0.1"
},
{
"binary_name": "virtualbox-guest-x11-hwe",
"binary_version": "7.2.2-dfsg-2ubuntu0.1"
},
{
"binary_name": "virtualbox-qt",
"binary_version": "7.2.2-dfsg-2ubuntu0.1"
},
{
"binary_name": "virtualbox-source",
"binary_version": "7.2.2-dfsg-2ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "virtualbox",
"purl": "pkg:deb/ubuntu/virtualbox@7.2.2-dfsg-2ubuntu0.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.0.20-dfsg-1.2",
"7.0.26-dfsg-1",
"7.1.8-dfsg-2",
"7.1.8-dfsg-3",
"7.1.8-dfsg-3build1",
"7.1.10-dfsg-1",
"7.1.12-dfsg-1",
"7.1.12-dfsg-2",
"7.2.0-dfsg-2",
"7.2.0-dfsg-3",
"7.2.2-dfsg-2",
"7.2.2-dfsg-2ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "virtualbox",
"binary_version": "7.2.6-dfsg-4"
},
{
"binary_name": "virtualbox-dkms",
"binary_version": "7.2.6-dfsg-4"
},
{
"binary_name": "virtualbox-guest-utils",
"binary_version": "7.2.6-dfsg-4"
},
{
"binary_name": "virtualbox-guest-utils-hwe",
"binary_version": "7.2.6-dfsg-4"
},
{
"binary_name": "virtualbox-guest-x11",
"binary_version": "7.2.6-dfsg-4"
},
{
"binary_name": "virtualbox-guest-x11-hwe",
"binary_version": "7.2.6-dfsg-4"
},
{
"binary_name": "virtualbox-qt",
"binary_version": "7.2.6-dfsg-4"
},
{
"binary_name": "virtualbox-source",
"binary_version": "7.2.6-dfsg-4"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "virtualbox",
"purl": "pkg:deb/ubuntu/virtualbox@7.2.6-dfsg-4?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.2.2-dfsg-2",
"7.2.2-dfsg-3",
"7.2.4-dfsg-1",
"7.2.4-dfsg-1build1",
"7.2.4-dfsg-2~build1",
"7.2.4-dfsg-3",
"7.2.6-dfsg-3",
"7.2.6-dfsg-3ubuntu1",
"7.2.6-dfsg-3.2",
"7.2.6-dfsg-4"
]
}
],
"aliases": [],
"details": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L).",
"id": "UBUNTU-CVE-2026-35248",
"modified": "2026-05-20T15:27:24Z",
"published": "2026-04-21T21:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-35248"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35248"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-35248"
]
}