Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Network-reachable management console (AV:N, AC:L) but exploitation requires an administrative WMS account (PR:H); path-traversal RCE yields full host compromise, so C/I/A:H.
Primary rating from Vendor (dell).
CVSS VectorVendor: dell
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.
AnalysisAI
Remote code execution in Dell Wyse Management Suite (versions prior to WMS 5.5 HF1) is reachable through a path traversal flaw (CWE-22) that lets an authenticated, high-privileged remote attacker access or write files outside the intended directory and ultimately execute arbitrary code on the management server. The CVSS 3.1 base score is 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), reflecting full confidentiality, integrity, and availability impact gated by a high-privilege requirement. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated, high-privileged WMS account (CVSS PR:H) with remote/network access to the management console - it is NOT exploitable by anonymous or low-privileged users. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are partially conflicting and should be weighed carefully. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained high-privileged (administrative) access to the Wyse Management Suite console - for example a malicious insider or an adversary who phished or pivoted to an admin account - submits a crafted request whose file path contains traversal sequences, causing WMS to write a payload outside its intended directory. The dropped file is then executed in the server's context, granting code execution on the WMS host. … |
| Remediation | Vendor-released patch: WMS 5.5 HF1 - upgrade Wyse Management Suite to version 5.5 HF1 or later as directed by Dell advisory DSA-2026-225 (https://www.dell.com/support/kbdoc/en-in/000465356/dsa-2026-225), which is the primary and recommended fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Dell Wyse Management Suite deployments to identify affected versions and assess business criticality. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Wyse Management Suite
View allRemote code execution affects Dell Wyse Management Suite in all versions prior to WMS 5.5 HF1, stemming from the applica
Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote at
Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows u
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Querie
A information disclosure vulnerability in an Exposure of Sensitive Information (CVSS 7.5). High severity vulnerability r
Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privile
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privilege
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. Rated m
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Gener
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Gener
Dell Wyse Management Suite versions before 5.5 contain a cross-site scripting (XSS) vulnerability that allows authentica
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. Rated mediu
Same weakness CWE-22 – Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39391
GHSA-22f4-hrhx-4j5v