A vulnerability was found in Oracle VM VirtualBox 7.2.8 . It has been declared as critical . The impacted element is an unknown function of the component VMSVGA Device . Executing a manipulation can lead to improper authorization. This vulnerability appears as CVE-2026-46877 . The attack requires local access. There is no available exploit. It is recommended to upgrade the affected component.