CVE-2026-42100
Awaiting Analysis - Queue
Denial of Service in Sparx Pro Cloud Server

Publication date: 2026-05-19

Last updated on: 2026-05-19

Assigner: CERT.PL

Description
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows a Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
Meta Information
Published: 2026-05-19
Last Modified: 2026-05-19
Generated: 2026-05-20
AI Q&A: 2026-05-19
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: sparx_systems
Product: pro_cloud_server
Version / Range: to 6.1 (inc)
CWE
CWE-228: The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how the vulnerability in Sparx Pro Cloud Server affects compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

CVE-2026-42100 is a vulnerability in Sparx Systems Pro Cloud Server versions up to 6.1 that allows a Denial of Service (DoS) attack.

The issue arises from improper handling of syntactically invalid SQL queries, which causes the Pro Cloud Server service to terminate unexpectedly when such a query is sent.

The vendor was notified but did not provide details about the vulnerability or confirm the vulnerable version range. Only Pro Cloud Server version 6.1 (build 167) and below were tested and confirmed as vulnerable.


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker to execute a Denial of Service (DoS) attack on the Sparx Pro Cloud Server.

By sending a specially crafted syntactically invalid SQL query, the attacker can cause the Pro Cloud Server service to terminate unexpectedly, disrupting normal operations and availability of the service.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, avoid using Sparx Systems Pro Cloud Server version 6.1 (build 167) and below, as these versions are confirmed vulnerable.

Since the vendor has not provided details or patches, consider restricting access to the Pro Cloud Server service to trusted users only to reduce the risk of a Denial of Service attack.

Monitor the service for unexpected terminations, which may indicate exploitation attempts.

