← All CVEs

CVE-2026-49506

HIGH 7.2

Published 2026-06-25 · Last modified 2026-06-26

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.

ELEVATED IMPACT

Severe if exploited (CVSS 7.2), but no known exploitation and low modeled probability. Patch on a normal cadence.

Exploitation likelihood

0.5%chance of exploitation in 30 days · 42nd percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

7.2CVSS 3.1 · HIGH

  • ConfidentialityHigh
  • IntegrityHigh
  • AvailabilityHigh

What an attacker needs

  • Access: Reachable over the network — no local access needed
  • Privileges: Requires an admin / high-privilege account
  • User interaction: No user interaction needed
  • Complexity: No special conditions — reliably repeatable

✓ lowers the bar for an attacker · ⚠ raises it

Affected

Vendors Dell

Products Wyse Management Suite

Weakness (CWE)

  • CWE-22: Path traversal

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Sources: NVD · CVE.org · EPSS