Critical Exploit in Dell Wyse Management Suite Allows Full System Compromise

Critical Exploit in Dell Wyse Management Suite Allows Full System Compromise

First seen 24 Mar 2026, 16:46 UTC GbhackersCybersecuritynews 78% similarity 72.9

Article Content

Browse articles
ThreatCluster

Security researcher Aleksandr Zhurnakov from PT Security has identified a critical exploit chain in Dell Wyse Management Suite, affecting both Standard and Pro editions of the On-Premises software. The attack allows unauthenticated users to register devices using an empty group token, leading to complete system compromise. Attackers can exploit hidden logic flaws in Active Directory user import functions, even when these features are disabled. By manipulating the password reset feature, they can gain access to a newly created administrator account and upload a malicious script. This results in full remote code execution on the server. Dell has released a patch in version 5.5 to address these vulnerabilities, tracked under advisory DSA-2026-103. Immediate updates are recommended for all affected systems.

Key Points: • Critical vulnerabilities in Dell Wyse Management Suite allow full system compromise. • Attackers can exploit unauthenticated device registration and logic flaws in user import functions. • A patch has been released in version 5.5 to mitigate these vulnerabilities.

ThreatCluster AI

Timeline

2026-03-24
Article published detailing the exploit chain in Dell Wyse Management Suite.
2026-03-24
Dell released patch version 5.5 addressing the vulnerabilities.

Community

Browse all →