Recent findings in cybersecurity have shed light on how minor logical issues in Dell Wyse Management Suite (WMS) On-Premises could lead to a complete system compromise. This discovery underscores the critical nature of maintaining robust security protocols within enterprise environments.
Chaining Vulnerabilities for System Compromise
Security experts have shown that two particular vulnerabilities, when combined, enable attackers to bypass security measures and execute remote code on the management server without authorization. The vulnerabilities, identified as CVE-2026-22765 and CVE-2026-22766, pose significant risks, allowing attackers to escalate privileges and execute arbitrary code.
The first vulnerability, CVE-2026-22765, scores a CVSS of 8.8 and involves a missing authorization check that permits low-privileged users to gain full administrative access. The second, CVE-2026-22766, rated at 7.2, enables high-privileged attackers to upload files without restriction, leading to code execution on the system.
Exploitation Process and Attack Chain
The exploitation process begins with a vulnerability in device registration, where attackers can add rogue devices using an empty group token. This initial step allows attackers to acquire a device identifier and authentication code, giving them access to the WMS API.
With these credentials, attackers exploit exposed Active Directory (AD) import routes, crafting a new administrative role group. They manipulate API endpoints to create an administrator account linked to this role, bypassing traditional authentication barriers.
Researchers have identified that attackers can either exploit a logic flaw in the password reset function or, in Pro environments with LDAP, leverage compromised domain user identifiers to gain administrative access.
Mitigation and Future Security Measures
To mitigate these vulnerabilities, Dell released WMS version 5.5 on February 23, 2026, addressing the critical flaws and breaking the exploitation chain. This update is crucial for system administrators overseeing Dell WMS On-Premises deployments to secure their environments against potential attacks.
The new version includes filters that prevent traditional path traversal attacks and safeguard the file repository settings. Administrators must promptly update their systems to prevent unauthorized access and ensure that their infrastructures are protected against these newly identified attack vectors.
Staying informed about the latest cybersecurity threats and updates is vital for maintaining robust security. Follow us for ongoing updates and insights into the evolving cybersecurity landscape. For more information, contact us with your stories or concerns.
