CVE-2026-22766

High

Published: 24 February 2026

Published

24 February 2026

Modified

25 February 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0032 54.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22766 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Dell Wyse Management Suite. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

MP-7 Media Use

addresses: CWE-434

Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media.

SC-44 Detonation Chambers

addresses: CWE-434

Dangerous file uploads can be detonated in the chamber to determine malice before any production write or execution occurs.

SC-51 Hardware-based Protection

addresses: CWE-434

Prevents unrestricted writing of arbitrary or malicious firmware by keeping hardware write-protect enabled except under tightly controlled manual procedures.

SI-3 Malicious Code Protection

addresses: CWE-434

Scans files from external sources on download/open/execute, blocking unrestricted uploads of dangerous file types.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

Why these techniques?

Unrestricted file upload (CWE-434) on public-facing WMS server directly enables web shell deployment for RCE via T1190 exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

Deeper analysisAI

CVE-2026-22766 is an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434) affecting Dell Wyse Management Suite (WMS) in versions prior to 5.5. This flaw allows unauthorized file uploads that could lead to remote code execution. The vulnerability received a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

A high-privileged attacker with remote network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables remote code execution on the affected WMS server, potentially allowing full system compromise within the attacker's privilege scope.

Dell Security Advisory DSA-2026-103, available at https://www.dell.com/support/kbdoc/en-us/000429141/dsa-2026-103, provides details on mitigation and patching instructions for this issue. Security practitioners should upgrade to WMS 5.5 or later to address the vulnerability.