{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22765", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2026-01-09T18:05:08.764Z", "datePublished": "2026-02-24T19:24:21.497Z", "dateUpdated": "2026-03-20T19:43:03.739Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-20T19:43:03.739Z"}, "datePublic": "2026-02-24T18:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "affected": [{"vendor": "Dell", "product": "Wyse Management Suite", "versions": [{"status": "affected", "version": "0", "lessThan": "5.5*", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span>Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.</span>"}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22765", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-26T04:56:00.568547Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:07.504Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22765", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-26T04:56:00.568547Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T21:13:58.813Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Wyse Management Suite", "versions": [{"status": "affected", "version": "0", "lessThan": "5.5*", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-24T18:00:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.", "supportingMedia": [{"type": "text/html", "value": "<span>Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2026-03-20T19:43:03.739Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22765", "state": "PUBLISHED", "dateUpdated": "2026-03-20T19:43:03.739Z", "dateReserved": "2026-01-09T18:05:08.764Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2026-02-24T19:24:21.497Z", "assignerShortName": "dell"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "2785B726-7FD1-41C8-91F9-46100C01E215", "versionEndExcluding": "5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges."}], "id": "CVE-2026-22765", "lastModified": "2026-02-25T14:50:10.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2026-02-24T20:27:46.790", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Wyse Management Suite", "source": "cna", "vendor": "Dell"}, "product": "wyse_management_suite", "vendor": "dell"}], "analysis": {"en": {"generated_at": "2026-04-16T06:09:17.244297+00:00", "value": {"mitigation_remediation": ["Update Dell Wyse Management Suite to version 5.5 or later to apply the vendor\u2011supplied fix.", "If an update cannot be applied immediately, block unauthorized remote access to the WMS by firewall or network segmentation until the patch is installed.", "Apply the principle of least privilege to the user accounts interacting with WMS, ensuring no users have excessive rights beyond what is required for their role."], "summary": {"action": "Immediate Patch", "impact": "Elevation of Privileges via Missing Authorization"}, "threat_synthesis": {"affected_systems": "The flaw exists in Dell Wyse Management Suite, versions prior to 5.5. Users running any of these older releases are exposed.", "description_and_impact": "Dell Wyse Management Suite suffers from a missing authorization flaw that allows a low\u2011privileged attacker with remote access to increase their privileges. The vulnerability is a classic authorization bypass (CWE\u2011862) and can lead to full control of the affected system if exploited.", "risk_and_exploitability": "The CVSS score of 8.8 signals a high severity risk, while the EPSS score of less than 1% indicates that widespread exploitation is currently unlikely. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed widespread attacks yet. However, because the flaw permits remote privilege elevation, it remains a critical risk for environments where the suite is exposed to remote networks."}}}}, "created": "2026-02-25T11:35:38.271870+00:00", "title": "Missing Authorization in Dell Wyse Management Suite Allows Remote Elevation of Privileges", "updated": "2026-04-16T06:15:26.913812+00:00", "vendors": ["dell", "dell$PRODUCT$wyse_management_suite"]}