CRITICAL · CVE-2026-41120 · CNA: dell

CVE-2026-41120: Dell Wyse Management Suite, versions prior to WMS 5

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.

Metrics

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: Version 5.5 HF1 or later
Affected Products: 1


HarborGuard Analysis

Synopsis

This is a remote code execution vulnerability in Dell Wyse Management Suite, affecting all versions prior to 5.5 HF1. The flaw is classified as acceptance of extraneous untrusted data with trusted data, meaning the application processes attacker-supplied input alongside trusted data without adequately separating or validating it. An unauthenticated attacker reachable over the network can exploit this to execute arbitrary code on the affected system. A patched-image rebuild at version 5.5 HF1 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-41120 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that package or extend Dell Wyse Management Suite. Any image carrying an affected version (prior to 5.5 HF1) is flagged automatically in both registry scans and CI/CD pipeline checks.

Triage (Available)

HarborGuard scores this CVE at 9.8 CRITICAL using the CVSS v3.1 vector and surfaces it at the top of each affected environment's alert queue. Per-environment compliance policy weighting is applied automatically, and the finding is routed to the inbox or ticketing integration configured by each customer org.

Patch (Available)

A patched-image rebuild at Dell Wyse Management Suite version 5.5 HF1 is available on HarborGuard for any environment found running an affected version. For customers who opt into auto-remediation, HarborGuard rebuilds the image, runs a regression test suite against the new image, and opens a pull request against affected workloads without requiring manual intervention.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Wyse Management Suite service over the network; the CVSS vector specifies AV:N, meaning no local or physical access is required.

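  • Authentication: Not required

    No credentials or session token are needed; the CVSS vector specifies PR:N, so the attack is available to any unauthenticated party who can reach the service. Dell's description above refers to a low privileged attacker with remote access, which differs from the PR:N value in the vector.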

  • Victim interaction: Not required

    No user action is required to trigger exploitation; the CVSS vector specifies UI:N, so the attacker completes the attack entirely on their own.

  • Attack complexity: Detail

    Attack complexity is Low (AC:L), meaning the exploit is reliable and requires no special race conditions, memory layout knowledge, or other environmental prerequisites.

Blast Radius

  • A successful attacker executes arbitrary code in the context of the Wyse Management Suite process, gaining full control over the application runtime.
  • The attacker reads any data the service can access, including managed endpoint credentials, device configurations, and stored administrative secrets (CVSS C:H).
  • The attacker modifies or deletes persisted configuration data, enrollment records, and policy definitions for managed thin-client endpoints (CVSS I:H).
  • The attacker crashes or otherwise disrupts the Wyse Management Suite service, preventing administrators from managing or patching connected endpoints (CVSS A:H).

How HarborGuard Handles This

Available on HarborGuard: detection of this critical-severity CVE is active the moment the record is ingested, with matching applied against all images in customer registries and build pipelines. For environments where images include Dell Wyse Management Suite prior to version 5.5 HF1, a rebuilt image at the fixed version is made available automatically. For customers who opt into auto-remediation, HarborGuard rebuilds the image, executes a regression run, and opens a pull request against affected workloads; the median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image and regression results are staged and routed to the appropriate approver queue. Customers who cannot immediately apply the patch should consider isolating Wyse Management Suite hosts behind strict network-policy rules to limit inbound access to trusted administrative sources only, reducing the exposure window until the patched image is promoted.


Fix available: Version 5.5 HF1 or later

Affected packages
  • Dell / Wyse Management Suite: versions before 5.5 HF1 (from 0)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H