Description
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Published: 2026-06-22
Score: 8.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Dell Wyse Management Suite (WMS) versions before 2605 allows an attacker with low privilege and remote access to inject arbitrary SQL statements by exploiting improper neutralization of special characters. The resulting SQL injection can compromise the integrity of stored data and grant unauthorized access to the database, potentially facilitating data exfiltration or further system compromise.

Affected Systems

Dell Wyse Management Suite (WMS) – any instance running a version prior to 2605. The affected product is the WMS platform provided by Dell; no additional third‑party components are listed.

Risk and Exploitability

The vulnerability has a CVSS score of 8.1, indicating high severity. No EPSS score is available, and the vulnerability is not currently listed in CISA’s KEV catalog. An attacker needs only remote connectivity to the WMS interface and low privileges to exploit it, which could lead to unauthorized access to sensitive data.

Generated by OpenCVE AI on June 22, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update WMS to version 2605 or later, ensuring the official patch is applied.
  • Limit remote access to the WMS by restricting connections to trusted administrators and enforcing least privilege principles.
  • Implement input validation and use parameterized queries or stored procedures to eliminate the possibility of SQL injection in all user‑supplied fields.



Advisories

No advisories yet.

History

Mon, 22 Jun 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
| Title | | SQL Injection Vulnerability in Dell Wyse Management Suite Prior to 2605 Allowing Unauthorized Access |

Mon, 22 Jun 2026 20:00:00 +0000

| Type | Values Removed | Values Added |
| Description | | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. |
| Weaknesses | | CWE-89 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'} |



MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-22T19:00:51.136Z

Reserved: 2026-05-05T17:04:45.713Z

Link: CVE-2026-44271

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-22T21:30:06Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')