CVE-2026-44271 – Dell Wyse Management Suite

CVSS 8.1 IMPORTANT Critical or Zero Day – Immediate Deployment

“One vulnerable management platform can become the gateway to an entire device fleet.”

This security update addresses five vulnerabilities affecting Dell Wyse Management Suite (WMS). CVE-2026-41120 is a Critical vulnerability that could allow a low-privileged remote attacker to achieve remote code execution through improper handling of untrusted data. The CVSS score is 9.8, which is Critical severity.

The update also addresses four High severity vulnerabilities. CVE-2026-49506 (CVSS 7.2) is a path traversal vulnerability that could allow a high-privileged remote attacker to achieve remote code execution. CVE-2026-44271 (CVSS 8.1) and CVE-2026-44272 (CVSS 8.8) are SQL injection vulnerabilities that could allow unauthorized access. CVE-2026-44274 (CVSS 7.8) is an improper link resolution vulnerability that could allow unauthorized access through local exploitation.

The update strengthens input validation, enforces secure file path handling, mitigates SQL injection risks, and improves file access protections across affected components. There is no verified evidence of active real-world exploitation or a public proof-of-concept for any of these vulnerabilities.

Key Details

Affected Product
Dell Wyse Management Suite
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-89
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.