CVE-2026-44272 Dell CVE debrief

Who should care

Organizations using Dell Wyse Management Suite (WMS) versions prior to WMS 2605 should prioritize patching this vulnerability. Low-privileged attackers with remote access could exploit this vulnerability, leading to unauthorized access. Security teams and system administrators responsible for WMS installations should take immediate action.

Technical summary

The CVE-2026-44272 vulnerability is an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dell Wyse Management Suite (WMS). The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The weakness is classified as CWE-89. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

Defensive priority

High priority should be given to patching CVE-2026-44272 in Dell Wyse Management Suite (WMS) versions prior to WMS 2605. This vulnerability has a high CVSS score and could lead to unauthorized access if exploited.

Recommended defensive actions

• Patch Dell Wyse Management Suite (WMS) to version 2605 or later
• Restrict remote access to WMS for low-privileged users
• Monitor WMS logs for suspicious SQL activity
• Implement additional security controls to detect and prevent SQL injection attacks
• Review and update WMS configurations to ensure secure settings

Evidence notes

The CVE-2026-44272 vulnerability was published on June 22, 2026, and last modified on June 26, 2026. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. Dell has provided a vendor advisory for mitigation. The CWE is classified as CWE-89.

Official resources