CVE-2026-46874
LowCVSS 3.2Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
Vulnerability in the Oracle VM VirtualBox product (component: Core) in version 7.2.8. Easily exploitable by a high privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs, potentially compromising the software.
Risk Assessment
Attacks may significantly impact additional products, and successful exploitation can lead to unauthorized access to a subset of data accessible in Oracle VM VirtualBox.
Recommendation
It is recommended to update to the latest version of Oracle VM VirtualBox to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).

