Unrated

Remote Code Execution in Dell Wyse Management Suite

IdentifiersCVE-2026-41120CWE-349

CVE-2026-41120 is a critical vulnerability in Dell Wyse Management Suite (WMS) affecting versions prior to 5.5 HF1. Dell describes the issue as an Acceptance of Extraneous Untrusted Data With Trusted Data flaw. The available information indicates that improper handling of untrusted data within WMS can allow attacker-controlled data to be accepted in a trusted processing context. A remote attacker with low privileges can exploit the flaw over the network without user interaction, potentially resulting in remote code execution on the affected WMS instance.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can result in remote code execution on the vulnerable Dell Wyse Management Suite server. Given the published CVSS characteristics and vendor descriptions, impact is high across confidentiality, integrity, and availability, enabling an attacker to run arbitrary code, compromise the management platform, access or manipulate managed-environment data, disrupt service operation, and potentially use the WMS instance as a foothold for further movement within the environment.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict remote access to the Wyse Management Suite interface and services, especially from untrusted or internet-reachable networks. Use network segmentation to limit exposure of the management server, increase monitoring for indicators of compromise and suspicious code-execution activity, and review system and application logs for anomalous access or execution events. These measures only reduce exposure and do not eliminate the underlying vulnerability.

Remediation

Patch, then assume compromise.

Upgrade Dell Wyse Management Suite to version 5.5 HF1 or later. Apply Dell-provided security updates promptly across all affected WMS deployments and verify that no instances remain on versions prior to 5.5 HF1. Obtain the fixed release from Dell's official support channels and follow vendor guidance for deployment and post-update validation.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Dell TechnologiesWyse Management Suiteapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

9 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

9 SOURCESView more in app

cyber security newsNews

Jun 29, 2026

Critical Dell Wyse Vulnerabilities Enables Remote Code Execution Attacks

A critical remote code execution vulnerability in Dell Wyse Management Suite that can be exploited by a low-privileged remote attacker without user interaction.

cvefeed high severityNews

Jun 25, 2026

CVE-2026-41120 - Dell Wyse Management Suite: Acceptance of Extraneous Untrusted Data With Trusted Data leading to Remote Code Execution

A critical remote code execution vulnerability in Dell Wyse Management Suite caused by acceptance of extraneous untrusted data with trusted data, affecting versions prior to WMS 5.5 HF1.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity6

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-41120

NVD

nvd.nist.gov/vuln/detail/CVE-2026-41120

MITRE CWE · CWE-349

cwe.mitre.org