Dell Wyse Management Suite vulnerabilities

CVE-2026-22765 [HIGH] CWE-862 CVE-2026-22765: Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVE-2026-22766 [HIGH] CWE-434 CVE-2026-22766: Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with D Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

CVE-2026-23858 [MEDIUM] CWE-79 CVE-2026-23858: Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input D Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection.

CVE-2026-23859 [LOW] CWE-602 CVE-2026-23859: Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-S Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability to Protection mechanism bypass.

CVE-2025-36575 [HIGH] CWE-202 CVE-2025-36575: Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVE-2025-36574 [HIGH] CWE-36 CVE-2025-36574: Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerabil Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.

CVE-2025-36578 [MEDIUM] CWE-863 CVE-2025-36578: Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerabil Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVE-2025-36577 [MEDIUM] CWE-79 CVE-2025-36577: Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input D Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CVE-2025-36580 [MEDIUM] CWE-79 CVE-2025-36580: Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input D Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection

CVE-2025-36576 [LOW] CWE-352 CVE-2025-36576: Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) v Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

CVE-2025-27695 [MEDIUM] CWE-290 CVE-2025-27695: Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing v Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

CVE-2025-29981 [HIGH] CWE-202 CVE-2025-29981: Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVE-2025-27692 [MEDIUM] CWE-434 CVE-2025-27692: Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution

CVE-2025-27694 [MEDIUM] CWE-410 CVE-2025-27694: Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulne Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CVE-2025-27693 [MEDIUM] CWE-79 CVE-2025-27693: Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CVE-2025-29982 [MEDIUM] CWE-277 CVE-2025-29982: Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vu Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

CVE-2024-49597 [HIGH] CWE-307 CVE-2024-49597: Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

CVE-2024-49595 [HIGH] CWE-294 CVE-2024-49595: Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture- Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CVE-2024-49596 [MEDIUM] CWE-862 CVE-2024-49596: Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

CVE-2023-32482 [MEDIUM] CWE-285 CVE-2023-32482: Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An aut Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.