Unrated

Remote Code Execution in Dell Wyse Management Suite

IdentifiersCVE-2026-41120CWE-349

CVE-2026-41120 is a critical vulnerability in Dell Wyse Management Suite (WMS) affecting versions prior to 5.5 HF1. Dell describes the issue as an Acceptance of Extraneous Untrusted Data With Trusted Data flaw, indicating the application improperly accepts or processes untrusted data in a trusted context. According to the provided advisory context, a remote attacker with low privileges can exploit the vulnerability without user interaction, and successful exploitation can result in remote code execution on the affected WMS instance. The issue is remotely reachable over the network, has low attack complexity, and impacts the confidentiality, integrity, and availability of the target system.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can allow arbitrary code execution on the vulnerable Dell Wyse Management Suite server. Given the stated CVSS characteristics and advisory language, this can result in full compromise of the affected management platform, including high-impact loss of confidentiality, integrity, and availability. Because WMS is a centralized management system for thin clients and endpoint devices, compromise may also enable broader administrative abuse, malware deployment, sensitive data access, and potential lateral movement within managed environments.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict remote access to the Wyse Management Suite service, especially from untrusted or internet-exposed networks. Use network segmentation to limit reachability to trusted administrative hosts, increase monitoring for indicators of compromise and suspicious code execution activity, and review system logs for anomalous access or exploitation attempts. Mitigation reduces exposure but does not remove the underlying flaw; patching to 5.5 HF1 or later is required. If compromise is suspected, incident response actions should be taken because patching will not remediate prior exploitation.

Remediation

Patch, then assume compromise.

Upgrade Dell Wyse Management Suite to version 5.5 HF1 or later. Apply Dell-provided security updates promptly through the official support channel. Organizations running any WMS release prior to 5.5 HF1 should prioritize patch deployment, validate successful upgrade completion, and review Dell advisory DSA-2026-225 and associated vendor guidance for any additional update instructions.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Dell TechnologiesWyse Management Suiteapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app

cyber security newsNews

Jun 29, 2026

Critical Dell Wyse Vulnerabilities Enables Remote Code Execution Attacks

A critical remote code execution vulnerability in Dell Wyse Management Suite that can be exploited by a low-privileged remote attacker without user interaction.

cvefeed high severityNews

Jun 25, 2026

CVE-2026-41120 - Dell Wyse Management Suite: Acceptance of Extraneous Untrusted Data With Trusted Data leading to Remote Code Execution

A critical remote code execution vulnerability in Dell Wyse Management Suite caused by acceptance of extraneous untrusted data with trusted data, affecting versions prior to WMS 5.5 HF1.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity5

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-41120

NVD

nvd.nist.gov/vuln/detail/CVE-2026-41120

MITRE CWE · CWE-349

cwe.mitre.org