Severity: HIGH

Exodus Intelligence details a use-after-free vulnerability in VirtualBox, patched in January 2026, that allows for virtual machine escape. The vulnerability, presented at OffensiveCon 2026, involves resurrecting freed memory to achieve arbitrary code execution. The blog post provides a deep dive into the exploitation process on a Linux guest system, showcasing advanced techniques for hypervisor compromise.

Source: Exodus Intelligence