Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Network-reachable RCE with low complexity and full impact; PR:L chosen to reflect Dell's 'low privileged attacker' wording over the input's PR:N, pending vendor confirmation.
Primary rating from Vendor (dell).
CVSS VectorVendor: dell
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.
AnalysisAI
Remote code execution affects Dell Wyse Management Suite in all versions prior to WMS 5.5 HF1, stemming from the application's acceptance of extraneous untrusted data alongside trusted data (CWE-349). Per the provided CVSS vector (PR:N), a remote unauthenticated attacker could potentially achieve full code execution against the management server, though the Dell description text characterizes the actor as 'low privileged' - a discrepancy worth verifying. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Network reachability to the Wyse Management Suite server is required. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 3.1 base score is 9.8 (Critical) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - network-reachable, low complexity, no privileges, no user interaction, and full confidentiality/integrity/availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the Wyse Management Suite server over the network sends a crafted request in which malicious untrusted data is bundled with otherwise-trusted request fields; the server accepts and acts on the extraneous data, resulting in code execution on the management host. No public exploit is currently available, but given AV:N/AC:L the technical barrier is low if an attacker reverse-engineers the patch, potentially yielding control over every managed thin client. |
| Remediation | Vendor-released patch: upgrade to Dell Wyse Management Suite 5.5 HF1 or later, which remediates this vulnerability per Dell advisory DSA-2026-225 (https://www.dell.com/support/kbdoc/en-in/000465356/dsa-2026-225). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify all Dell Wyse Management Suite deployments and document current versions; review system logs for exploitation attempts. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Wyse Management Suite
View allDell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote at
Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows u
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Querie
A information disclosure vulnerability in an Exposure of Sensitive Information (CVSS 7.5). High severity vulnerability r
Remote code execution in Dell Wyse Management Suite (versions prior to WMS 5.5 HF1) is reachable through a path traversa
Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privile
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privilege
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. Rated m
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Gener
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Gener
Dell Wyse Management Suite versions before 5.5 contain a cross-site scripting (XSS) vulnerability that allows authentica
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. Rated mediu
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39395
GHSA-5mhj-93x4-vf9f