Description
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass.
Published: 2026-02-24
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Privilege escalation via client‑side bypass
Action: Assess
AI Analysis

Impact

The vulnerability is a Client‑Side Enforcement of Server‑Side Security flaw that allows a high‑privileged attacker with remote access to bypass client‑side security controls, potentially compromising the integrity of the management environment. It is classified as CWE‑602, indicating inadequate enforcement of server‑side security policies by the client, which could enable unintended privilege escalation or unauthorized configuration changes. This weakness alone does not grant confidentiality loss but undermines the integrity and enforcement of protection mechanisms.

Affected Systems

Dell Wyse Management Suite installations running any version prior to 5.5 are affected. The flaw resides in components that enforce security policies on the client based on server instructions, and applies to all such client instances within the suite.

Risk and Exploitability

The CVSS score of 2.7 reflects a low overall risk, and the EPSS score of less than 1 % indicates a very low likelihood of exploitation in the wild. The vulnerability is not listed in the KEV catalog. Nonetheless, if an attacker already has high‑privilege remote access to a client, they can exploit the flaw to bypass server‑defined protection mechanisms. The overall risk depends primarily on the attacker’s pre‑existing access level, with no exploitation possible for unauthenticated users.

Generated by OpenCVE AI on April 17, 2026 at 15:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell Wyse Management Suite to version 5.5 or later to receive the fix for the client‑side enforcement flaw.
  • If upgrading is not immediately possible, restrict remote access to client machines and enforce strict access controls to limit the set of users who can obtain high‑privilege access.
  • Continuously monitor client‑side activity for anomalies that could indicate an attempt to bypass security controls, and keep client operating systems and firmware up to date to reduce other attack vectors.

Generated by OpenCVE AI on April 17, 2026 at 15:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title Client‑Side enforcement bypass in Dell Wyse Management Suite before v5.5

Wed, 25 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*

Wed, 25 Feb 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell wyse Management Suite
Vendors & Products Dell
Dell wyse Management Suite

Tue, 24 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Description Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass.
Weaknesses CWE-602
References
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Dell Wyse Management Suite
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-02-24T21:41:09.368Z

Reserved: 2026-01-16T18:05:07.319Z

Link: CVE-2026-23859

cve-icon Vulnrichment

Updated: 2026-02-24T21:41:02.359Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-24T20:27:47.460

Modified: 2026-02-25T14:50:35.783

Link: CVE-2026-23859

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T15:45:15Z

Weaknesses