CVE Catalog

CVE-2026-44271

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

In Dell Wyse Management Suite (WMS) versions prior to 2605, an SQL injection vulnerability has been discovered. This flaw results from improper neutralization of special elements in SQL commands. It allows an attacker with low privileges and remote access to gain unauthorized access to the system.

Risk Assessment

The risk involves the possibility of unauthorized access to the WMS database by an attacker with low privileges, potentially leading to leakage or modification of sensitive data and compromise of system integrity.

Recommendation

It is recommended to immediately update Dell Wyse Management Suite to version 2605 or later, which includes a fix that eliminates the SQL injection vulnerability.

Original NVD description (English source)

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS