CRITICAL🇵🇱 Wersja polska

CVE-2026-41120

CVSS 9.8v3.1pub. 2026-06-25upd. 2026-06-26

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-349 (Acceptance of Extraneous Untrusted Data With Trusted Data) and occurs when the application improperly processes data transmitted along with trusted data, failing to reject additional untrusted elements. An attacker can inject malicious data that will be treated as trusted and executed by the system. Exploitation requires only low privileges and remote network access, with no need for user interaction.

Impact

Successful exploitation of this vulnerability leads to remote code execution (RCE) on the Dell Wyse Management Suite server, which may result in complete system compromise, breach of confidentiality, integrity, and availability of managed resources.

Mitigation & patch

Dell Wyse Management Suite must be immediately updated to version WMS 5.5 HF1 or later. Details are available in the Dell security bulletin DSA-2026-225 at: https://www.dell.com/support/kbdoc/en-in/000465356/dsa-2026-225

Who is affected

Dell Wyse Management Suite in versions prior to WMS 5.5 HF1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dell Wyse Management Suite

    APP
    Dell
    5.5< 5.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2021-36336CRITICAL9.8ten sam produkt

Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an una...

CVE-2026-49506HIGH7.2ten sam produkt

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a R...

CVE-2026-44274HIGH7.8ten sam produkt

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File ...

CVE-2026-44271HIGH8.1ten sam produkt

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special El...

CVE-2026-44272HIGH8.8ten sam produkt

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special El...