CVE-2026-41120
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk17th percentile — higher than 17% of all known CVEs
Summary
A vulnerability in Dell Wyse Management Suite (versions prior to WMS 5.5 HF1) involves accepting extraneous untrusted data along with trusted data. This allows a low-privileged attacker with remote access to execute code on the vulnerable system.
Risk Assessment
The risk to the organization includes the possibility of remote code execution by an attacker with low privileges, which could lead to compromise of the management system and potentially managed devices.
Recommendation
It is recommended to immediately update Dell Wyse Management Suite to version WMS 5.5 HF1 or later, which fixes this vulnerability.
Original NVD description (English source)
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.

