VMSVGA Device Vulnerability in Oracle VM VirtualBox by Oracle
CVE-2026-46825

6MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Vm Virtualbox
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-46825?

A vulnerability exists in the VMSVGA device of Oracle VM VirtualBox, specifically in version 7.2.8. This flaw allows a high-privileged attacker with access to the infrastructure where Oracle VM VirtualBox is running to exploit the system. By doing so, they can gain unauthorized access to critical data, enabling them to create, delete, or modify any data accessible by Oracle VM VirtualBox. The implications of this vulnerability extend beyond the virtual machine itself, potentially impacting additional products in the environment.

Affected Version(s)

Oracle VM VirtualBox 7.2.8

References

https://www.oracle.com/security-alerts/cspujun2026.html

vendor-advisory

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46825 Data

JSON