Description
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.
Published: 2026-06-25
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell Wyse Management Suite accepts untrusted data alongside trusted data and treats it as trusted. An attacker with low privileges and remote access can leverage the flaw, and successful exploitation grants arbitrary code execution on the server hosting the management suite. This is classified as a high‑impact vulnerability with potential for full system compromise.

Affected Systems

All installations of Dell Wyse Management Suite with a version earlier than 5.5 HF1 are affected. The vulnerability is specific to the Dell Wyse Management Suite product and has not been reported for other Dell or third‑party applications.

Risk and Exploitability

The CVSS score of 9.8 marks the vulnerability as critical, and the unavailability of an EPSS score does not diminish the risk because the weakness can be abused without sophisticated prerequisites. The issue is not yet listed in the CISA KEV catalog, but the high severity and remote exploitation potential mean it should be treated with the same urgency as any other critical flaw. A low‑privileged attacker who can reach the WMS endpoints, such as through VPN or internal network exposure, could execute arbitrary code and potentially compromise the entire managed infrastructure.

Generated by OpenCVE AI on June 25, 2026 at 15:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell Wyse Management Suite to version 5.5 HF1 or later
  • Restrict the management interface to trusted administrators and apply least‑privilege access controls
  • Disable or block all unnecessary remote services that expose the WMS endpoints
  • Implement strong authentication and network segmentation around the WMS servers
  • Monitor traffic to the WMS for anomalous activity and audit logs for signs of exploitation



Advisories

No advisories yet.

History

Thu, 25 Jun 2026 15:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Remote Code Execution via Untrusted Data in Dell Wyse Management Suite |

Thu, 25 Jun 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 25 Jun 2026 14:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution. |
| Weaknesses | | CWE-349 |
| References | | |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |



MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-25T14:08:22.786Z

Reserved: 2026-04-17T05:04:42.886Z

Link: CVE-2026-41120

Vulnrichment

Updated: 2026-06-25T14:08:20.309Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T15:30:16Z

Weaknesses
  • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data