CVE-2026-35246: Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. in Oracle Corporation Oracle VM VirtualBox
CVE-2026-35246 is a high-severity vulnerability in Oracle VM VirtualBox version 7. 2. 6. It allows a high privileged attacker with local access to the infrastructure running Oracle VM VirtualBox to compromise the product, potentially leading to full takeover. The vulnerability affects confidentiality, integrity, and availability, and has a CVSS 3. 1 base score of 7. 5. While the vulnerability is specific to Oracle VM VirtualBox, successful exploitation may impact additional Oracle products due to scope change. There is no explicit vendor advisory stating a patch or fix for this specific vulnerability yet, but it is included in Oracle's April 2026 Critical Patch Update advisory, which covers many vulnerabilities across Oracle products. Customers are strongly advised to apply Oracle's Critical Patch Updates promptly to mitigate risks.
AI Analysis
Technical Summary
This vulnerability in Oracle VM VirtualBox 7.2.6 allows a high privileged attacker with local access (logon) to the host infrastructure to compromise Oracle VM VirtualBox. The attack complexity is high, requiring high privileges and no user interaction, but successful exploitation can lead to a complete takeover of Oracle VM VirtualBox, impacting confidentiality, integrity, and availability. The vulnerability has a scope change, meaning it may affect other Oracle products beyond VirtualBox. The CVSS 3.1 vector is AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating local attack vector, high attack complexity, high privileges required, no user interaction, changed scope, and high impact on confidentiality, integrity, and availability. Oracle's April 2026 Critical Patch Update advisory references this vulnerability among many others but does not explicitly confirm a dedicated patch for this CVE alone. Customers should review and apply the April 2026 CPU to address this and other vulnerabilities.
Potential Impact
Successful exploitation allows a high privileged local attacker to take over Oracle VM VirtualBox, compromising confidentiality, integrity, and availability of the virtualization environment. Due to scope change, additional Oracle products may be significantly impacted. This could lead to unauthorized control over virtual machines and potentially affect other components relying on Oracle VM VirtualBox. No known exploits in the wild have been reported, but the vulnerability is considered high severity with a CVSS score of 7.5.
Mitigation Recommendations
Oracle includes this vulnerability in its April 2026 Critical Patch Update advisory, which contains numerous security patches across Oracle products. Customers are strongly advised to apply the April 2026 Critical Patch Update promptly to mitigate this and other vulnerabilities. No specific patch link for this CVE is provided separately, so applying the comprehensive CPU is the recommended remediation. There is no vendor advisory indication that no action is required or that the vulnerability is already mitigated. Patch status beyond the CPU is not explicitly confirmed; therefore, customers should monitor Oracle advisories for updates.
CVE-2026-35246: Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. in Oracle Corporation Oracle VM VirtualBox
Description
CVE-2026-35246 is a high-severity vulnerability in Oracle VM VirtualBox version 7. 2. 6. It allows a high privileged attacker with local access to the infrastructure running Oracle VM VirtualBox to compromise the product, potentially leading to full takeover. The vulnerability affects confidentiality, integrity, and availability, and has a CVSS 3. 1 base score of 7. 5. While the vulnerability is specific to Oracle VM VirtualBox, successful exploitation may impact additional Oracle products due to scope change. There is no explicit vendor advisory stating a patch or fix for this specific vulnerability yet, but it is included in Oracle's April 2026 Critical Patch Update advisory, which covers many vulnerabilities across Oracle products. Customers are strongly advised to apply Oracle's Critical Patch Updates promptly to mitigate risks.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Oracle VM VirtualBox 7.2.6 allows a high privileged attacker with local access (logon) to the host infrastructure to compromise Oracle VM VirtualBox. The attack complexity is high, requiring high privileges and no user interaction, but successful exploitation can lead to a complete takeover of Oracle VM VirtualBox, impacting confidentiality, integrity, and availability. The vulnerability has a scope change, meaning it may affect other Oracle products beyond VirtualBox. The CVSS 3.1 vector is AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating local attack vector, high attack complexity, high privileges required, no user interaction, changed scope, and high impact on confidentiality, integrity, and availability. Oracle's April 2026 Critical Patch Update advisory references this vulnerability among many others but does not explicitly confirm a dedicated patch for this CVE alone. Customers should review and apply the April 2026 CPU to address this and other vulnerabilities.
Potential Impact
Successful exploitation allows a high privileged local attacker to take over Oracle VM VirtualBox, compromising confidentiality, integrity, and availability of the virtualization environment. Due to scope change, additional Oracle products may be significantly impacted. This could lead to unauthorized control over virtual machines and potentially affect other components relying on Oracle VM VirtualBox. No known exploits in the wild have been reported, but the vulnerability is considered high severity with a CVSS score of 7.5.
Mitigation Recommendations
Oracle includes this vulnerability in its April 2026 Critical Patch Update advisory, which contains numerous security patches across Oracle products. Customers are strongly advised to apply the April 2026 Critical Patch Update promptly to mitigate this and other vulnerabilities. No specific patch link for this CVE is provided separately, so applying the comprehensive CPU is the recommended remediation. There is no vendor advisory indication that no action is required or that the vulnerability is already mitigated. Patch status beyond the CPU is not explicitly confirmed; therefore, customers should monitor Oracle advisories for updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-04-01T20:03:40.833Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5af19fe3cd2cdfa0178
Added to database: 4/21/2026, 9:01:35 PM
Last enriched: 4/21/2026, 9:16:38 PM
Last updated: 4/22/2026, 5:29:41 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.