CVE Catalog

CVE-2026-44272

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

An SQL Injection vulnerability in Dell Wyse Management Suite (WMS) prior to version 2605 allows a low-privileged attacker to remotely execute unauthorized database queries. The flaw is due to improper neutralization of special elements used in SQL commands.

Risk Assessment

An attacker could gain unauthorized access to data managed by WMS, potentially leading to information disclosure or system integrity compromise.

Recommendation

Immediately update Dell Wyse Management Suite to version 2605 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS