EUVD-2026-38345
GHSA-jrhr-xpg4-wphg
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Network-reachable management console with low-privileged account required (PR:L), no user interaction, SQLi yields high confidentiality and availability impact but description and tags do not substantiate integrity impact.
Primary rating from Vendor (dell).
CVSS VectorVendor: dell
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
AnalysisAI
SQL injection in Dell Wyse Management Suite (WMS) versions prior to 2605 allows authenticated low-privileged remote attackers to manipulate backend database queries and gain unauthorized access to data and management functions. The CVSS 8.1 rating reflects high confidentiality and availability impact via network-reachable management interfaces, though no public exploit was identified at time of analysis.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires network reachability to the Dell Wyse Management Suite web/API interface and valid low-privileged WMS credentials per the CVSS PR:L metric; no user interaction is needed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H indicates a low-complexity network attack requiring only a low-privileged account, with high confidentiality and availability impact but no integrity impact, which is somewhat unusual for SQLi and may reflect that the injection point reaches read paths and resource-heavy queries rather than write operations. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with phished or otherwise obtained low-privileged WMS credentials authenticates to the management console over the network and submits crafted input to a vulnerable parameter that is concatenated into a backend SQL query. The malformed query exfiltrates device inventory, administrator password hashes, or session data from the WMS database, and resource-intensive payloads can degrade or stall the service, ultimately enabling lateral movement onto managed thin clients. … |
| Remediation | Vendor-released patch: upgrade Dell Wyse Management Suite to version 2605 or later as described in Dell advisory DSA-2026-247 (https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Dell Wyse Management Suite instances and confirm which are running versions prior to 2605. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
SQL injection in Dell Wyse Management Suite (WMS) versions prior to 2605 allows authenticated low-privileged remote atta
Local privilege-bound symlink abuse in Dell Wyse Management Suite (WMS) versions prior to 2605 allows a low-privileged l
Dell Wyse Management Suite (WMS) versions prior to 2605 ships with default credentials, enabling a high-privileged local
Share
External POC / Exploit Code
Leaving vuln.today