Skip to main content

Wyse Management Suite EUVDEUVD-2026-39391

| CVE-2026-49506 HIGH
Path Traversal (CWE-22)
2026-06-25 dell GHSA-22f4-hrhx-4j5v
7.2
CVSS 3.1 · Vendor: dell
Share

Severity by source

Vendor (dell) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.2 HIGH

Network-reachable management console (AV:N, AC:L) but exploitation requires an administrative WMS account (PR:H); path-traversal RCE yields full host compromise, so C/I/A:H.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (dell).

CVSS VectorVendor: dell

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 25, 2026 - 14:26 vuln.today

DescriptionCVE.org

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.

AnalysisAI

Remote code execution in Dell Wyse Management Suite (versions prior to WMS 5.5 HF1) is reachable through a path traversal flaw (CWE-22) that lets an authenticated, high-privileged remote attacker access or write files outside the intended directory and ultimately execute arbitrary code on the management server. The CVSS 3.1 base score is 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), reflecting full confidentiality, integrity, and availability impact gated by a high-privilege requirement. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain high-privileged WMS access
Delivery
Reach file-handling endpoint
Exploit
Submit path with ../ traversal sequences
Execution
Write payload outside intended directory
Persist
Trigger execution as service account
Impact
Remote code execution on WMS host

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated, high-privileged WMS account (CVSS PR:H) with remote/network access to the management console - it is NOT exploitable by anonymous or low-privileged users. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are partially conflicting and should be weighed carefully. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained high-privileged (administrative) access to the Wyse Management Suite console - for example a malicious insider or an adversary who phished or pivoted to an admin account - submits a crafted request whose file path contains traversal sequences, causing WMS to write a payload outside its intended directory. The dropped file is then executed in the server's context, granting code execution on the WMS host. …
Remediation Vendor-released patch: WMS 5.5 HF1 - upgrade Wyse Management Suite to version 5.5 HF1 or later as directed by Dell advisory DSA-2026-225 (https://www.dell.com/support/kbdoc/en-in/000465356/dsa-2026-225), which is the primary and recommended fix. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Dell Wyse Management Suite deployments to identify affected versions and assess business criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-41120 CRITICAL
9.8 Jun 25

Remote code execution affects Dell Wyse Management Suite in all versions prior to WMS 5.5 HF1, stemming from the applica

CVE-2026-22765 HIGH
8.8 Feb 24

Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote at

CVE-2025-36574 HIGH
8.2 Jun 10

Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows u

CVE-2025-29981 HIGH
7.5 Apr 02

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Querie

CVE-2025-36575 HIGH
7.5 Jun 10

A information disclosure vulnerability in an Exposure of Sensitive Information (CVSS 7.5). High severity vulnerability r

CVE-2026-22766 HIGH
7.2 Feb 24

Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privile

CVE-2025-36578 MEDIUM
6.8 Jun 10

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privilege

CVE-2025-29982 MEDIUM
6.8 Apr 02

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. Rated m

CVE-2025-36577 MEDIUM
6.1 Jun 10

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Gener

CVE-2025-36580 MEDIUM
6.1 Jun 10

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Gener

CVE-2026-23858 MEDIUM
5.4 Feb 24

Dell Wyse Management Suite versions before 5.5 contain a cross-site scripting (XSS) vulnerability that allows authentica

CVE-2025-27694 MEDIUM
5.3 Apr 02

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. Rated mediu

Share

EUVD-2026-39391 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy