What is the CVSS score of CVE-2026-44272?

CVE-2026-44272 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Dell Wyse Management Suite are affected by CVE-2026-44272?

Dell Wyse Management Suite (WMS) versions prior to 2605 contain a SQL injection vulnerability allowing authenticated low-privileged users to manipulate backend database queries and escalate…. A patch is available.

How to fix or mitigate CVE-2026-44272?

Within 24 hours: Audit all Dell WMS deployments to identify versions prior to 2605 and immediately restrict administrative access to trusted networks via firewall rules. Within 7 days: Implement network segmentation isolating WMS from critical systems, deploy SQL injection detection signatures, and establish enhanced logging of WMS database queries. Within 30 days: Monitor Dell security advisories for WMS 2605+ patches and establish upgrade timeline; if no patch is available within 30 days, develop contingency plan to migrate to alternative management solutions.

Dell Wyse Management Suite CVE-2026-44272

EUVD-2026-38343 HIGH

SQL Injection (CWE-89)

2026-06-22 dell

GHSA-v2m2-r86g-wfp5

SQLi Authentication Bypass Dell Wyse Management Suite Wms

8.8

CVSS 3.1 · Vendor: dell

Severity by source

Vendor (dell) PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

vuln.today AI

8.8 HIGH

Network-reachable management interface (AV:N), straightforward SQLi (AC:L), requires a valid low-privileged account (PR:L), no user interaction, and database compromise yields high C/I/A.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (dell).

CVSS VectorVendor: dell

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

Jun 22, 2026 - 21:02 EUVD

Analysis Generated

Jun 22, 2026 - 20:15 vuln.today

DescriptionCVE.org

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

AnalysisAI

SQL injection in Dell Wyse Management Suite (WMS) versions prior to 2605 allows authenticated low-privileged remote attackers to manipulate backend database queries, leading to unauthorized data access and potential integrity or availability impact. The CVSS 8.8 rating reflects high impact across confidentiality, integrity, and availability under low attack complexity, though no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain low-privilege WMS credentials

Delivery

Reach WMS management interface over network

Exploit

Submit crafted SQL payload to vulnerable parameter

Execution

Injected query executes in database context

Persist

Extract or modify sensitive records

Impact

Escalate to administrative control of WMS fleet

Access

Obtain low-privilege WMS credentials

Delivery

Reach WMS management interface over network

Exploit

Submit crafted SQL payload to vulnerable parameter

Execution

Injected query executes in database context

Persist

Extract or modify sensitive records

Impact

Escalate to administrative control of WMS fleet

Vulnerability AssessmentAI

Exploitation	Exploitation requires network reachability to the Dell Wyse Management Suite web/API interface and a valid low-privileged authenticated session on the WMS platform (PR:L in the CVSS vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H indicates network-exploitable with low complexity, requiring only low-privileged authentication and no user interaction, yielding high impact across all three dimensions. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker who has obtained or been issued a low-privileged WMS account - for example, a help-desk operator credential - sends crafted input through a vulnerable WMS web parameter that is interpolated into a backend SQL query. The injected SQL is executed in the application's database context, allowing the attacker to read administrator password hashes, modify device assignment records, or potentially escalate to administrative control of the Wyse thin client fleet. …
Remediation	Vendor-released patch: upgrade to Dell Wyse Management Suite version 2605 or later, per Dell advisory DSA-2026-247 (https://www.dell.com/support/kbdoc/en-us/000472001/dsa-2026-247). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all Dell WMS deployments to identify versions prior to 2605 and immediately restrict administrative access to trusted networks via firewall rules. …

Threat intelligence, references, and detailed analysis are available after sign-in.