Description
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
Published: 2026-02-24
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

This vulnerability allows an attacker with high privileges to upload arbitrary files of dangerous types through the Dell Wyse Management Suite. The upload flaw can be leveraged to upload a malicious payload that the system will execute, resulting in remote code execution. The weakness maps to CWE-434, where the application fails to validate the type of uploaded files.

Affected Systems

The issue affects Dell Wyse Management Suite versions before 5.5. Systems running those versions are susceptible to the exploit regardless of network configuration, as the attack requires only a high‑privileged remote session to the management console.

Risk and Exploitability

The CVSS score of 7.2 classifies this as high severity. The EPSS score is below 1 %, indicating that while exploitability is low, it is not impossible. The vulnerability is not listed in the CISA KEV catalog, but remote execution remains a critical risk if the conditions are met. Attackers must first obtain elevated remote access; once achieved, the upload flaw can be invoked to execute arbitrary code.

Generated by OpenCVE AI on April 16, 2026 at 06:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell Wyse Management Suite to version 5.5 or later, which includes a fix for the unrestricted file upload flaw.
  • If an upgrade cannot be performed immediately, disable or strictly restrict the file upload feature or enforce a whitelist of acceptable file types to prevent malicious uploads.
  • Ensure that only trusted administrative accounts have remote access to the management console and enable multi‑factor authentication for those accounts to reduce the risk of privilege escalation.

Generated by OpenCVE AI on April 16, 2026 at 06:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Title Unrestricted File Upload Allowing Remote Execution in Dell Wyse Management Suite before 5.5

Wed, 25 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 25 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*

Wed, 25 Feb 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell wyse Management Suite
Vendors & Products Dell
Dell wyse Management Suite

Tue, 24 Feb 2026 19:45:00 +0000

Type Values Removed Values Added
Description Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Wyse Management Suite
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-20T19:43:58.535Z

Reserved: 2026-01-09T18:05:08.764Z

Link: CVE-2026-22766

cve-icon Vulnrichment

Updated: 2026-02-24T20:54:15.803Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-24T20:27:46.957

Modified: 2026-02-25T14:50:27.630

Link: CVE-2026-22766

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T06:15:26Z

Weaknesses