Dell Repository Manager, Wyse Management Suite: Malicious code flaws closed

If attackers successfully exploit security vulnerabilities in Dell Repository Manager or Wyse Management Suite (WMS), they can gain higher user privileges or even execute their own code. The latter typically leads to the complete compromise of systems. So far, there are no reports that attackers are already attacking systems in these cases.

With Repository Manager, admins supply the computer manufacturer's PowerEdge servers with system updates, among other things. Admins manage thin client PCs via Wyse Management Suite.

The Dangers

According to information from an advisory, the developers have closed a security vulnerability (CVE-2026-21420 "high") in Repository Manager. Prerequisites for an attack are that attackers have local access and possess low user privileges. If this is the case, they can execute malicious code and increase their privileges in an undescribed way. According to the developers, version 3.4.8 is supposed to protect against such attacks. All previous versions are vulnerable, according to the developers.

Wyse Management Suite is vulnerable to a total of four vulnerabilities. Two gaps (CVE-2026-22765, CVE-2026-22766) are classified as "high" threat level. In the first case, attackers with low privileges can escalate due to authentication errors. In the second case, attackers with high user privileges can execute their own code by uploading files infected with malicious code. This is due to an unrestricted upload function, explain the developers in an advisory. Version 5.5 remedies this.

Most recently, Dell's storage array software for the EMC Unity, UnityVSA, and Unity XT series made headlines with root security vulnerabilities.

(des)