Cyber Resilience

CVE-2026-22766

High

Published: 24 February 2026

Published
24 February 2026
Modified
25 February 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0032 55.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22766 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Dell Wyse Management Suite. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-22766 is an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434) affecting Dell Wyse Management Suite (WMS) in versions prior to 5.5. This flaw allows unauthorized file uploads that could lead to remote code execution. The vulnerability received a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

A high-privileged attacker with remote network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables remote code execution on the affected WMS server, potentially allowing full system compromise within the attacker's privilege scope.

Dell Security Advisory DSA-2026-103, available at https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103, provides details on mitigation and patching instructions for this issue. Security practitioners should upgrade to WMS 5.5 or later to address the vulnerability.

EU & UK References

Vulnerability details

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload (CWE-434) on public-facing WMS server directly enables web shell deployment for RCE via T1190 exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22765Same product: Dell Wyse Management Suite
CVE-2026-26362Same vendor: Dell
CVE-2025-46384Shared CWE-434
CVE-2025-13516Shared CWE-434
CVE-2024-13011Shared CWE-434
CVE-2025-8323Shared CWE-434
CVE-2025-21624Shared CWE-434
CVE-2026-35164Shared CWE-434
CVE-2026-2097Shared CWE-434
CVE-2026-22266Same vendor: Dell

Affected Assets

dell
wyse management suite
≤ 5.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation of uploaded file types and content to block dangerous files that enable RCE.

prevent

Restricts upload functionality and executable file types to the minimum required, eliminating the unrestricted upload vector.

prevent

Limits which privileged accounts can perform file-upload changes and enforces change-control checks on the WMS server.

References