VYPR
High severity · NVD Advisory · Published May 19, 2026 · Updated May 19, 2026

CVE-2026-42100

Description

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows a Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly.

The vendor was notified early about this vulnerability, but did not respond with details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A crafted SQL query causes Sparx Pro Cloud Server to terminate, leading to denial of service; affected versions through 6.1 build 167.

Vulnerability

Improper handling of syntactically invalid structure in Sparx Pro Cloud Server (versions up to 6.1 build 167) allows a remote attacker to send a specially crafted SQL query that causes the Pro Cloud Server service to terminate unexpectedly [1] [2].

Exploitation

An attacker with network access to the Pro Cloud Server can send a specially crafted SQL query. No authentication is required if the SQL endpoint is exposed. The attack does not require user interaction and can be executed remotely [1] [2].

Impact

Successful exploitation leads to a denial of service (DoS) condition where the Pro Cloud Server service terminates abruptly, rendering the server unavailable until manually restarted. No data corruption, disclosure, or privilege escalation is indicated [1] [2].

Mitigation

No official fix has been released. The vendor was notified but did not provide details of the vulnerability or a patched version range. Only version 6.1 (build 167) and below were tested and confirmed vulnerable; other versions may also be affected. As a workaround, restrict network access to the Pro Cloud Server and implement input validation or firewall rules to filter malformed SQL queries at the network perimeter [1] [2].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

4
