DSA-2026-103: Security Update for Dell Wyse Management Suite (WMS) for Multiple Vulnerabilities
Summary: Dell Wyse Management Suite (WMS) remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2026-22765 |
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges. |
8.8 |
|
|
CVE-2026-22766 |
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. |
7.2 |
|
|
CVE-2026-23858 |
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection. |
5.4 |
|
|
CVE-2026-23859 |
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass. |
2.7 |
|
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2026-22765 |
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges. |
8.8 |
|
|
CVE-2026-22766 |
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. |
7.2 |
|
|
CVE-2026-23858 |
Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection. |
5.4 |
|
|
CVE-2026-23859 |
Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass. |
2.7 |
Affected Products & Remediation
|
Product |
Affected Versions |
Remediated Versions |
Release Date |
Link |
|
Dell Wyse Management Suite |
Versions prior to 5.5 |
Version 5.5 or later |
02/23/2026 |
|
Product |
Affected Versions |
Remediated Versions |
Release Date |
Link |
|
Dell Wyse Management Suite |
Versions prior to 5.5 |
Version 5.5 or later |
02/23/2026 |
Revision History
|
Revision |
Date |
Description |
|
1.0 |
2026-02-24 |
Initial Release |
Acknowledgements
CVE-2026-22765, CVE-2026-22766: Dell would like to thank Alexander Zhurnakov (Positive Technologies) for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
Wyse Management SuiteArticle Properties
Article Number: 000429141
Article Type: Dell Security Advisory
Last Modified: 24 Feb 2026
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.