Security Flaw in Sparx Enterprise Architect Software
CVE-2026-42098

8.7 HIGH

Key Information:

Vendor
CVE Published: 19 May 2026

What is CVE-2026-42098?

Sparx Enterprise Architect contains a security vulnerability that allows an authenticated user to alter client behavior using a debugger. This flaw enables the attacker to log in as any other user or administrator, thereby gaining the ability to modify repository contents without authorization. Although the vendor was made aware of this issue, no specific details regarding vulnerable versions were provided, apart from the confirmation that versions 17.1 and earlier are at risk. Other versions have not been assessed, leaving the potential for wider exposure.

Affected Version(s)

Enterprise Architect 0 <= 17.1

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Blazej Adamczyk (br0x) - Efigo