Dell Wyse Management Suite: Four Vulnerabilities Including SQLi Disclosed Together
Dell disclosed four vulnerabilities in Wyse Management Suite (WMS) versions prior to 2605 on June 22, 2026, including SQL injection and default credential flaws.

Key findings
- Four vulnerabilities in Dell Wyse Management Suite (WMS) disclosed on June 22, 2026.
- Two SQL injection flaws (CVE-2026-44271, CVE-2026-44272) allow unauthorized remote access.
- A default credentials vulnerability (CVE-2026-44273) enables information disclosure.
- A file access vulnerability (CVE-2026-44274) permits unauthorized local access.
- All vulnerabilities affect versions prior to WMS 2605; upgrade to WMS 2605 or later is recommended.
On June 22, 2026, Dell disclosed a batch of four vulnerabilities affecting Dell Wyse Management Suite (WMS), versions prior to WMS 2605. The vulnerabilities, disclosed together within a 13-minute window, present a significant risk to organizations utilizing this remote management solution. The cluster includes two SQL injection flaws, a default credentials issue, and a file access vulnerability, all of which could lead to unauthorized access or information disclosure.
Two of the disclosed vulnerabilities, CVE-2026-44271 and CVE-2026-44272, are SQL injection flaws. These vulnerabilities stem from improper neutralization of special elements used in SQL commands. A low-privileged attacker with remote access could exploit these weaknesses to gain unauthorized access to the WMS system.
Adding to the severity, CVE-2026-44273 is a use of default credentials vulnerability. This flaw allows a high-privileged attacker with local access to potentially exploit the system and disclose sensitive information.
The fourth vulnerability, CVE-2026-44274, involves improper link resolution before file access. Similar to the SQL injection flaws, a low-privileged attacker with local access could exploit this to achieve unauthorized access to the WMS.
All four vulnerabilities affect Dell Wyse Management Suite versions prior to WMS 2605. The disclosure on June 22, 2026, highlights the importance of keeping this critical management software updated to mitigate the risk of these security weaknesses. Users are advised to upgrade to WMS 2605 or later to address these issues.
This batch of vulnerabilities underscores the need for diligent security practices when managing IT infrastructure with centralized tools like Dell Wyse Management Suite. Prompt patching and regular security audits are crucial to prevent exploitation and maintain the integrity of sensitive data and system access.