CVE-2026-35250: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. in Oracle Corporation Oracle VM VirtualBox
CVE-2026-35250 is a vulnerability in Oracle VM VirtualBox version 7. 2. 6 that allows a high privileged attacker with local access to cause a partial denial of service (DoS) of the Oracle VM VirtualBox software. The vulnerability impacts availability but does not affect confidentiality or integrity. The CVSS 3. 1 base score is 2. 3, indicating a low severity issue. There is no explicit vendor advisory stating a patch or fix specifically for this vulnerability in the provided Oracle Critical Patch Update advisory. The advisory emphasizes applying Critical Patch Updates promptly but does not mention this specific vulnerability as patched. No known exploits are reported in the wild.
AI Analysis
Technical Summary
This vulnerability affects the core component of Oracle VM VirtualBox version 7.2.6. It is exploitable by an attacker who already has high privileges and local access to the infrastructure where VirtualBox runs. Exploitation can lead to a partial denial of service condition, impacting the availability of the VirtualBox service. The CVSS vector indicates local attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and only availability impact. The vendor advisory linked is a general Critical Patch Update advisory for April 2026, which does not explicitly confirm a patch for this specific CVE. Patch status is therefore not confirmed and should be verified with Oracle's official advisory.
Potential Impact
Successful exploitation results in a partial denial of service affecting Oracle VM VirtualBox availability. There is no impact on confidentiality or integrity. The attack requires high privileges and local access, limiting the attack surface. No known exploits in the wild have been reported, reducing immediate risk.
Mitigation Recommendations
Patch status is not yet confirmed—check the Oracle Critical Patch Update advisory and Oracle security alerts for current remediation guidance. Oracle strongly recommends applying Critical Patch Updates promptly to address vulnerabilities. Until a patch is confirmed, restrict high privileged access to the infrastructure running Oracle VM VirtualBox to trusted users only.
CVE-2026-35250: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. in Oracle Corporation Oracle VM VirtualBox
Description
CVE-2026-35250 is a vulnerability in Oracle VM VirtualBox version 7. 2. 6 that allows a high privileged attacker with local access to cause a partial denial of service (DoS) of the Oracle VM VirtualBox software. The vulnerability impacts availability but does not affect confidentiality or integrity. The CVSS 3. 1 base score is 2. 3, indicating a low severity issue. There is no explicit vendor advisory stating a patch or fix specifically for this vulnerability in the provided Oracle Critical Patch Update advisory. The advisory emphasizes applying Critical Patch Updates promptly but does not mention this specific vulnerability as patched. No known exploits are reported in the wild.
CVSS v3.1
Score 2.3low
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the core component of Oracle VM VirtualBox version 7.2.6. It is exploitable by an attacker who already has high privileges and local access to the infrastructure where VirtualBox runs. Exploitation can lead to a partial denial of service condition, impacting the availability of the VirtualBox service. The CVSS vector indicates local attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and only availability impact. The vendor advisory linked is a general Critical Patch Update advisory for April 2026, which does not explicitly confirm a patch for this specific CVE. Patch status is therefore not confirmed and should be verified with Oracle's official advisory.
Potential Impact
Successful exploitation results in a partial denial of service affecting Oracle VM VirtualBox availability. There is no impact on confidentiality or integrity. The attack requires high privileges and local access, limiting the attack surface. No known exploits in the wild have been reported, reducing immediate risk.
Mitigation Recommendations
Patch status is not yet confirmed—check the Oracle Critical Patch Update advisory and Oracle security alerts for current remediation guidance. Oracle strongly recommends applying Critical Patch Updates promptly to address vulnerabilities. Until a patch is confirmed, restrict high privileged access to the infrastructure running Oracle VM VirtualBox to trusted users only.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-04-01T20:03:40.834Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5b119fe3cd2cdfa01b4
Added to database: 4/21/2026, 9:01:37 PM
Last enriched: 4/29/2026, 11:21:40 AM
Last updated: 6/3/2026, 10:09:05 PM
Views: 74
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.