Denial of Service Vulnerability in Sparx Pro Cloud Server by Sparx Systems
CVE-2026-42100

7.1HIGH

Key Information:

Vendor

Sparx Systems

Status
Pro Cloud Server
Vendor
CVE Published:
19 May 2026

What is CVE-2026-42100?

The Sparx Pro Cloud Server is susceptible to a denial of service attack due to improper handling of syntactically invalid SQL queries. Attackers can exploit this vulnerability by sending specially crafted SQL queries, causing the Pro Cloud Server service to terminate unexpectedly. Although the vendor was notified of the vulnerability, specific details regarding the affected versions have not been disclosed, leaving only version 6.1 (build 167) and lower confirmed as vulnerable. Users should be cautious, as other untested versions may also be at risk.

Affected Version(s)

Pro Cloud Server 0 <= 6.1

References

https://cert.pl/en/posts/2026/05/CVE-2026-42096
third-party-advisory
https://sparxsystems.com/products/procloudserver/
product
https://sploit.tech/2026/05/19/Sparx-Enterprise-Architect...
technical-description

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Blazej Adamczyk (br0x) - Efigo
.