Critical Vulnerabilities in Dell Wyse Management Suite Enable Remote Code Execution

Dell Technologies has disclosed critical vulnerabilities in its Wyse Management Suite (WMS) that allow remote attackers to execute arbitrary code. The vulnerabilities, identified as CVE-2026-41120 and CVE-2026-49506, affect WMS versions prior to 5.5 HF1. CVE-2026-41120, with a CVSS score of 9.8, enables low-privileged attackers to exploit the flaw without user interaction. CVE-2026-49506 is a path traversal vulnerability requiring high privileges for exploitation. Organizations using WMS are at risk of significant impacts on confidentiality, integrity, and availability. Dell has released a patch for these vulnerabilities, urging immediate upgrades. Security teams are advised to enhance monitoring and review access controls to mitigate risks. The vulnerabilities were disclosed by security researcher Tien Phan.

Key Points: • CVE-2026-41120 allows low-privileged attackers to execute remote code with a CVSS score of 9.8. • CVE-2026-49506 is a path traversal vulnerability requiring high privileges for exploitation. • Dell has released a patch for WMS, urging immediate upgrades to mitigate risks.