This vulnerability in Oracle VM VirtualBox 7.2.8's Shared Folders component permits a low privileged attacker who has logon access to the host system to compromise Oracle VM VirtualBox. The attack complexity is high, and no user interaction is required. The vulnerability affects confidentiality and integrity with a CVSS 3.1 base score of 7.5. The scope of impact extends beyond Oracle VM VirtualBox to other Oracle products. Oracle's June 2026 Critical Security Patch Update advisory addresses this and many other vulnerabilities, strongly urging customers to apply patches promptly. However, the specific patch for this vulnerability is not explicitly detailed in the advisory content provided.

Successful exploitation can result in unauthorized creation, deletion, or modification of critical data accessible by Oracle VM VirtualBox, as well as unauthorized access to all such data. The vulnerability affects confidentiality and integrity but does not impact availability. The scope change indicates potential impact on additional Oracle products beyond VirtualBox.

Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to address this vulnerability along with others. Until patches are applied, risk may be reduced by restricting logon access to the infrastructure where Oracle VM VirtualBox runs and by limiting privileges and access to relevant packages for users who do not require them. No official fix version is explicitly stated; customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for the latest patch availability and installation instructions.