CVE-2026-42100 is a high-severity denial-of-service issue affecting Sparx Pro Cloud Server. According to the supplied description, a specially crafted SQL query can trigger improper handling of syntactically invalid structure and cause the Pro Cloud Server service to terminate unexpectedly. The corpus confirms vulnerability in version 6.1 (build 167) and earlier tested builds, but it does not establish a [truncated]
CVE-2026-42099 is a race condition issue in Sparx Pro Cloud Server’s /data_api/dl_internal_artifact.php endpoint. According to the supplied sources, the application writes downloaded content into the current directory under a filename influenced by the request, and an attacker with repository access may be able to control both the filename and the file contents. Although the file is normally deleted after [truncated]
CVE-2026-42098 describes an authenticated role-bypass issue in Sparx Enterprise Architect. According to the supplied sources, an attacker can alter client behavior to bypass the intended role-based limits, impersonate another user or administrator, and then make arbitrary changes in the repository. The issue is rated HIGH (CVSS 8.7) and maps to CWE-603.
CVE-2026-42097 describes a critical authentication-bypass issue in Sparx Pro Cloud Server where request handling depends on a URL parameter. According to the supplied sources, an attacker can omit the "model" query parameter and place the model name in the POST binary blob, which can lead to SQL query execution without authentication. The issue was published on 2026-05-19, and the vendor was reportedly no [truncated]
CVE-2026-42096 is a broken access control issue in Sparx Pro Cloud Server. The advisory says a low-privileged user can run arbitrary SQL queries in the database user context because permission checks are missing in the application-to-database path. The source notes that version 6.1 (build 167) and below were tested and confirmed vulnerable, while later versions were not tested and the vendor did not provi [truncated]
