CVE-2026-41120 – Dell Wyse Management Suite
“One vulnerable management platform can become the gateway to an entire device fleet.”
This security update addresses five vulnerabilities affecting Dell Wyse Management Suite (WMS). CVE-2026-41120 is a Critical vulnerability that could allow a low-privileged remote attacker to achieve remote code execution through improper handling of untrusted data. The CVSS score is 9.8, which is Critical severity.
The update also addresses four High severity vulnerabilities. CVE-2026-49506 (CVSS 7.2) is a path traversal vulnerability that could allow a high-privileged remote attacker to achieve remote code execution. CVE-2026-44271 (CVSS 8.1) and CVE-2026-44272 (CVSS 8.8) are SQL injection vulnerabilities that could allow unauthorized access. CVE-2026-44274 (CVSS 7.8) is an improper link resolution vulnerability that could allow unauthorized access through local exploitation.
The update strengthens input validation, enforces secure file path handling, mitigates SQL injection risks, and improves file access protections across affected components. There is no verified evidence of active real-world exploitation or a public proof-of-concept for any of these vulnerabilities.
Key Details
- Affected Product
- Dell Wyse Management Suite
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-349