Description
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Published: 2026-06-22
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of special elements used in an SQL command in Dell Wyse Management Suite versions prior to 2605. It permits a low‑privileged attacker with remote access to inject arbitrary SQL, potentially compromising the integrity and confidentiality of the underlying database and enabling unauthorized access.

Affected Systems

Dell Wyse Management Suite (WMS) versions earlier than 2605 are affected. The vulnerable component is part of the remote management interface. The CVE description does not specify which user roles interact with it; it is inferred that administrators or other users could use it.

Risk and Exploitability

With a CVSS score of 8.8, the risk is high. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, though remote exploitation requires low privileged access. An attacker can exploit the component via a remote connection to the management interface to inject SQL commands.

Generated by OpenCVE AI on June 22, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell Wyse Management Suite to version 2605 or later.
  • Restrict remote access to WMS to authorized, high‑privilege accounts only.
  • Configure firewall rules to block unauthorized remote connections to the WMS management interface.

Generated by OpenCVE AI on June 22, 2026 at 22:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Dell Wyse Management Suite (WMS)

Mon, 22 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Description Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-06-22T18:56:59.066Z

Reserved: 2026-05-05T17:04:45.713Z

Link: CVE-2026-44272

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T22:30:07Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')