Dell Wyse Management Suite Vulnerability Advisory: SQLi, Path Traversal, Default Creds

Vulnerability Overview Dell Wyse Management Suite (WMS) contains several security vulnerabilities that could be exploited by malicious actors to compromise the system. Specifically: 1. CVE-2026-44272: SQL injection vulnerability; low-privilege attackers can exploit this remotely, leading to unauthorized access. 2. CVE-2026-44271: SQL injection vulnerability; low-privilege attackers can exploit this remotely, leading to unauthorized access. 3. CVE-2026-44274: File access permission parsing vulnerability; low-privilege attackers can exploit this locally, leading to unauthorized access. 4. CVE-2026-44273: Default credential usage vulnerability; high-privilege attackers can exploit this locally, leading to information disclosure. Affected Products Affected Product: All versions of Dell Wyse Management Suite (WMS) prior to version 2605. Affected Components: MongoDB, Log4j. Remediation Fixed Version: Dell Wyse Management Suite version 2605 or later. Release Date: June 1, 2026. Related Links: - Dell Wyse Management Suite version 2605 - Dell Wyse Management Suite Repository Additional Information CVSS Scores: - CVE-2026-44272: 8.8 - CVE-2026-44271: 8.1 - CVE-2026-44274: 7.8 - CVE-2026-44273: 6.0 Revision History: - 1.0: June 16, 2026 – Initial release. - 2.0: June 22, 2026 – Corrected CVSS vector strings for CVE-2026-44272. Acknowledgments: - CVE-2026-44271, CVE-2026-44272: Thank you to Dell’s Luong Tran (janlele91) and Huynh Dinh Vu (WinD39). - CVE-2026-44273: Thank you to Christophe Schlieppen – NATO OTAN. Legal Disclaimer Dell Technologies’ security advisories are intended to be read and used to help avoid situations that may arise from the issues described herein. Security advisories distributed by Dell Technologies are designed to deliver important security information to users of affected products. Dell Technologies assesses risk based on the diversity of installed systems and does not represent actual risk. Users should determine the applicability of the information based on their local installations and personal environments and take appropriate action. Affected Product Wyse Management Suite Feedback Users can rate the article and provide additional information. Footer Information Includes links for Account, Support, Contact Us, Resources, etc. --- Note: The page does not contain POC code or exploit code.

Goal Reached Thanks to every supporter — we hit 100%!

Dell Wyse Management Suite Vulnerability Advisory: SQLi, Path Traversal, Default Creds