This vulnerability affects Oracle VM VirtualBox version 7.2.8 and allows an attacker with high privileges and logon access to the host system to compromise the VirtualBox environment. The attack can result in unauthorized read access to a subset of data accessible by Oracle VM VirtualBox. The CVSS 3.1 base score is 3.2, reflecting a low severity with a confidentiality impact only. The vulnerability has a scope change, meaning it may impact additional products beyond VirtualBox. Oracle's June 2026 Critical Security Patch Update advisory references this vulnerability and strongly recommends applying patches promptly. No explicit patch or remediation level is stated in the advisory content provided, so patch status is not confirmed.

The impact of this vulnerability is limited to unauthorized read access to some data accessible by Oracle VM VirtualBox. There is no impact on integrity or availability. The attacker must already have high privileges and logon access to the infrastructure where VirtualBox runs, which limits the attack surface. The vulnerability may affect additional Oracle products due to scope change, but the primary impact is confidentiality loss within Oracle VM VirtualBox.

Oracle strongly recommends applying the June 2026 Critical Security Patch Update, which includes security patches addressing this vulnerability. Until patches are applied, risk may be reduced by restricting high privilege access to the infrastructure hosting Oracle VM VirtualBox and by removing unnecessary privileges from users. Blocking network protocols required by potential attacks may also help but could disrupt functionality. Patch status is not explicitly confirmed in the advisory; therefore, check Oracle's official advisory for the latest remediation guidance and patch availability.