Missing Authorization Vulnerability in Dell Wyse Management Suite
CVE-2026-22765
What is CVE-2026-22765?
CVE-2026-22765 is a vulnerability identified in the Dell Wyse Management Suite, specifically versions prior to 5.5. This software is designed to streamline the management of thin client devices within virtual desktop infrastructure (VDI) environments, enabling organizations to efficiently deploy and manage desktops, applications, and services. The vulnerability manifests as a missing authorization flaw, allowing a low privileged attacker with remote access to exploit it. If successfully exploited, this could enable the attacker to elevate their privileges within the system, potentially leading to unauthorized access to sensitive configurations, data, and management functions of the client devices.
Potential impact of CVE-2026-22765
-
Elevation of Privileges: Attackers could gain unauthorized administrative access, allowing them to manipulate system settings and configurations, potentially leading to broader network compromises.
-
Data Exposure: With elevated privileges, attackers can access confidential data stored on managed devices, resulting in data breaches that could expose sensitive organizational information.
-
System Integrity Threats: The ability to modify system settings or deploy unauthorized software could compromise the integrity of managed systems, making them susceptible to further attacks or manipulation.
Affected Version(s)
Wyse Management Suite 0 < 5.5*
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved