CVE-2026-46873: Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. in Oracle Corporation Oracle VM VirtualBox
CVE-2026-46873 is a high-severity vulnerability in Oracle VM VirtualBox version 7.2.8 affecting the VMSVGA device component. It allows a high privileged attacker with logon access to the host infrastructure to potentially compromise Oracle VM VirtualBox, leading to a complete takeover of the virtualization software. The vulnerability has a CVSS 3.1 base score of 7.5, indicating significant impacts on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly stated a patch or fix for this specific version in the advisory content. Oracle strongly recommends applying Critical Security Patch Updates promptly to mitigate such vulnerabilities. No known exploits in the wild have been reported as of the advisory date.
AI Analysis
Technical Summary
This vulnerability in Oracle VM VirtualBox 7.2.8 involves the VMSVGA device and requires a high privileged attacker with logon access to the host system. Successful exploitation can lead to a complete compromise of Oracle VM VirtualBox, with impacts on confidentiality, integrity, and availability. The vulnerability scope extends beyond VirtualBox, potentially affecting additional products. The CVSS vector (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) indicates local attack vector, high attack complexity, high privileges required, no user interaction, and a scope change with high impact on confidentiality, integrity, and availability. Oracle’s June 2026 Critical Security Patch Update advisory references this vulnerability but does not explicitly confirm a patch for version 7.2.8. Oracle urges customers to apply security patches promptly to reduce risk.
Potential Impact
A successful exploit of this vulnerability can result in full takeover of Oracle VM VirtualBox, compromising confidentiality, integrity, and availability of the virtualization environment. Because the vulnerability has a scope change, it may also significantly impact additional Oracle products that interact with or depend on Oracle VM VirtualBox. The attack requires high privileges and local access to the infrastructure where VirtualBox runs, limiting the attack surface to trusted users with elevated rights. No known exploits in the wild have been reported to date.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to address this and other vulnerabilities. Although the advisory does not explicitly confirm a patch for Oracle VM VirtualBox 7.2.8, the general guidance is to remain on actively supported versions and apply all relevant security patches without delay. Until patches are applied, risk may be reduced by limiting high privileged user access to the infrastructure running Oracle VM VirtualBox and by blocking network protocols required for potential attacks, if applicable. Removing unnecessary privileges from users who do not require them may also help reduce risk, but these measures may impact functionality. Customers should monitor Oracle’s advisory page for updates regarding specific patches for Oracle VM VirtualBox.
CVE-2026-46873: Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. in Oracle Corporation Oracle VM VirtualBox
Description
CVE-2026-46873 is a high-severity vulnerability in Oracle VM VirtualBox version 7.2.8 affecting the VMSVGA device component. It allows a high privileged attacker with logon access to the host infrastructure to potentially compromise Oracle VM VirtualBox, leading to a complete takeover of the virtualization software. The vulnerability has a CVSS 3.1 base score of 7.5, indicating significant impacts on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly stated a patch or fix for this specific version in the advisory content. Oracle strongly recommends applying Critical Security Patch Updates promptly to mitigate such vulnerabilities. No known exploits in the wild have been reported as of the advisory date.
CVSS v3.1
Score 7.5high
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Oracle VM VirtualBox 7.2.8 involves the VMSVGA device and requires a high privileged attacker with logon access to the host system. Successful exploitation can lead to a complete compromise of Oracle VM VirtualBox, with impacts on confidentiality, integrity, and availability. The vulnerability scope extends beyond VirtualBox, potentially affecting additional products. The CVSS vector (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) indicates local attack vector, high attack complexity, high privileges required, no user interaction, and a scope change with high impact on confidentiality, integrity, and availability. Oracle’s June 2026 Critical Security Patch Update advisory references this vulnerability but does not explicitly confirm a patch for version 7.2.8. Oracle urges customers to apply security patches promptly to reduce risk.
Potential Impact
A successful exploit of this vulnerability can result in full takeover of Oracle VM VirtualBox, compromising confidentiality, integrity, and availability of the virtualization environment. Because the vulnerability has a scope change, it may also significantly impact additional Oracle products that interact with or depend on Oracle VM VirtualBox. The attack requires high privileges and local access to the infrastructure where VirtualBox runs, limiting the attack surface to trusted users with elevated rights. No known exploits in the wild have been reported to date.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update as soon as possible to address this and other vulnerabilities. Although the advisory does not explicitly confirm a patch for Oracle VM VirtualBox 7.2.8, the general guidance is to remain on actively supported versions and apply all relevant security patches without delay. Until patches are applied, risk may be reduced by limiting high privileged user access to the infrastructure running Oracle VM VirtualBox and by blocking network protocols required for potential attacks, if applicable. Removing unnecessary privileges from users who do not require them may also help reduce risk, but these measures may impact functionality. Customers should monitor Oracle’s advisory page for updates regarding specific patches for Oracle VM VirtualBox.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.308Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b61e0b89be6888265bab
Added to database: 6/16/2026, 8:46:22 PM
Last enriched: 6/16/2026, 9:47:29 PM
Last updated: 6/17/2026, 4:59:02 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.