CVE-2026-42098
Description
Sparx Enterprise Architect has a security feature that limits a user's actions to those permitted by the user's assigned role. An authenticated attacker can modify the behavior of the Enterprise Architect client (e.g. using a debugger) and log in as any other user, including an administrator; it is then possible to make any change to the repository.
The vendor was notified about this vulnerability early but did not respond with details of the vulnerability or the vulnerable version range. Only version 17.1 and below were tested and confirmed vulnerable; other versions were not tested and may also be vulnerable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated Sparx Enterprise Architect user can bypass role restrictions by modifying client behavior, allowing arbitrary repository changes.
Vulnerability
Sparx Enterprise Architect, tested up to version 17.1, enforces role-based restrictions on what a user may do in a repository. An authenticated attacker can alter the client's behavior at runtime (e.g., with a debugger) so that it acts under another user identity against the repository, logging in as any other user or administrator [1]. Because a tampered client is not bound by the restriction, the check is effectively enforced on the client side rather than by the repository itself, and the intended authorization is bypassed. The vendor has not disclosed a full version range; version 17.1 and earlier are confirmed vulnerable and other versions may also be affected [1].
Exploitation
The attacker must first hold valid credentials for the repository. With an authenticated session, they modify the Enterprise Architect client at runtime, for example by attaching a debugger, so that it acts in the session context of another user, including an administrator. No additional privileges or user interaction are required beyond the initial authenticated session [1][2].
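The Vulnerability and Exploitation sections above describe a check that a modified client can ignore. The following is an added illustration of that class of flaw, written for this page; it is not Sparx Systems code and does not model the Enterprise Architect client, protocol, or repository schema. Account names, passwords, roles, and element keys are constructed sample data. It contrasts a repository that trusts the identity and role a client reports after authenticating (the pattern a debugger-patched client defeats) with one that binds a session to the authenticated user and looks the role up server-side on every request, which a tampered client cannot influence.

```python
# Added illustration of client-enforced versus repository-enforced
# authorization. NOT Sparx Systems code; it does not model Enterprise
# Architect. All accounts, roles and element keys are constructed.
import secrets

# Constructed account table: username -> (password, role)
ACCOUNTS = {
    "alice": ("alice-pw", "viewer"),
    "bob": ("bob-pw", "admin"),
}


def check_password(user, password):
    entry = ACCOUNTS.get(user)
    return entry is not None and secrets.compare_digest(entry[0], password)


class TrustingRepository:
    """Vulnerable design: the role check lives in the client, and the
    repository accepts whatever identity and role the client reports."""

    def __init__(self):
        self.elements = {}
        self.audit = []

    def authenticate(self, user, password):
        return check_password(user, password)

    def write(self, acting_user, acting_role, key, value):
        # The server never verifies that acting_user/acting_role belong to
        # the session that authenticated; it only records what it was told.
        if acting_role != "admin":
            raise PermissionError("role may not write")
        self.elements[key] = value
        self.audit.append((acting_user, key))
        return True


class EnforcingRepository:
    """Hardened design: the repository binds a session token to the
    authenticated user and looks the role up itself on every request."""

    def __init__(self):
        self.elements = {}
        self.audit = []
        self._sessions = {}  # token -> username

    def login(self, user, password):
        if not check_password(user, password):
            return None
        token = secrets.token_hex(16)
        self._sessions[token] = user
        return token

    def write(self, token, key, value):
        user = self._sessions.get(token)
        if user is None:
            raise PermissionError("not authenticated")
        role = ACCOUNTS[user][1]  # authoritative, server-side lookup
        if role != "admin":
            raise PermissionError("role may not write")
        self.elements[key] = value
        self.audit.append((user, key))
        return True


def tampered_client_against_trusting():
    """alice (viewer) authenticates honestly, then the patched client
    reports itself as bob/admin. Returns the audit trail the server kept."""
    repo = TrustingRepository()
    assert repo.authenticate("alice", "alice-pw")
    # A debugger-patched client changes the identity it reports after login.
    repo.write("bob", "admin", "Package-1", "deleted")
    return repo.audit


def tampered_client_against_enforcing():
    """Same attacker; the patched client cannot change the server-side
    role bound to alice's token. Returns True if the write was refused."""
    repo = EnforcingRepository()
    token = repo.login("alice", "alice-pw")
    try:
        repo.write(token, "Package-1", "deleted")  # no role field to tamper with
    except PermissionError:
        return True
    return False


def legitimate_admin_write():
    """bob (admin) performs the same write through the enforcing design."""
    repo = EnforcingRepository()
    token = repo.login("bob", "bob-pw")
    repo.write(token, "Package-1", "renamed")
    return repo.audit
```

Note what the audit trail shows in the vulnerable case: the write is attributed to "bob", so a reviewer of repository history sees an administrator's change, not alice's. That is why the mitigation guidance below focuses on limiting who can authenticate at all and on reviewing administrator-level changes, rather than on detecting a modified client.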
Impact
A successful attack gives the attacker every action available to the impersonated user or administrator, including arbitrary modification, deletion, or export of the entire repository contents. This is a complete compromise of the confidentiality, integrity, and availability of the repository data [1].
Mitigation
No official fix or patch has been released by Sparx Systems as of the publication date; the vendor was notified but provided neither a vulnerable version range nor a remediation timeline [1]. Because the restriction can be bypassed by any authenticated user, roles within Enterprise Architect should not be treated as a security boundary until the vendor confirms a fix. Limit who can authenticate to the repository at all, restrict network access to it, and review repository changes (in particular administrator-level changes attributed to accounts that should not hold that role), since a modified client is unlikely to be detectable from the repository side. Apply any future vendor updates promptly and consider additional network-based controls [1][2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Sparx Enterprise Architect, range: <=17.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.