CVE-2026-42100
Analyzed - Analysis Complete
Denial of Service in Sparx Pro Cloud Server

Publication date: 2026-05-19

Last updated on: 2026-06-02

Assigner: CERT.PL

Description
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows a Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
Meta Information
Published: 2026-05-19
Last Modified: 2026-06-02
Generated: 2026-06-10
AI Q&A: 2026-05-19
EPSS Evaluated: 2026-06-08
Affected Vendors & Products
Showing 1 associated CPE
Vendor: sparxsystems
Product: pro_cloud_server
Version / Range: to 6.1.167 (inc)
CWE ID: CWE-228
Description: The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
Compliance Impact

The provided information does not specify how the vulnerability in Sparx Pro Cloud Server affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-42100 is a vulnerability in Sparx Systems Pro Cloud Server versions up to 6.1 that allows a Denial of Service (DoS) attack.

The issue arises from improper handling of syntactically invalid SQL queries, which causes the Pro Cloud Server service to terminate unexpectedly when such a query is sent.

The vendor was notified but did not provide details about the vulnerability or confirm the vulnerable version range. Only Pro Cloud Server version 6.1 (build 167) and below were tested and confirmed as vulnerable.

Impact Analysis

This vulnerability allows an attacker to execute a Denial of Service (DoS) attack on the Sparx Pro Cloud Server.

By sending a specially crafted, syntactically invalid SQL query, the attacker can cause the Pro Cloud Server service to terminate unexpectedly, disrupting normal operations and availability of the service.

Mitigation Strategies

To mitigate this vulnerability, avoid using Sparx Systems Pro Cloud Server version 6.1 (build 167) and below, as these versions are confirmed vulnerable.

Since the vendor has not provided details or patches, consider restricting access to the Pro Cloud Server service to trusted users only to reduce the risk of a Denial of Service attack.

Monitor the service for unexpected terminations, which may indicate exploitation attempts.
