CVE-2026-44272
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk16th percentile - higher than 16% of all known CVEs
Summary
An SQL Injection vulnerability in Dell Wyse Management Suite (WMS) prior to version 2605 allows a low-privileged attacker to remotely execute unauthorized database queries. The flaw is due to improper neutralization of special elements used in SQL commands.
Risk Assessment
An attacker could gain unauthorized access to data managed by WMS, potentially leading to information disclosure or system integrity compromise.
Recommendation
Immediately update Dell Wyse Management Suite to version 2605 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

