CVE-2026-42097

8.8 HIGH

Sparx Pro Cloud Server requires authentication based on requested URL

Published: 2026-05-19 · Last updated: 2026-06-02

Severity and scoring

CVSS: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-639

Affected products

Vendor	Product
sparxsystems	pro_cloud_server

Description

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-42097
[Other]https://cert.pl/en/posts/2026/05/CVE-2026-42096
[Other]https://efigo.pl/blog/CVE-2026-42096/
[Other]https://sparxsystems.com/products/procloudserver/
[Exploit reference]https://sploit.tech/2026/05/19/Sparx-Enterprise-Architect-PCS.html

Related CVEs

Same vendor

CVE-2026-42100 — Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by se... (7.5 HIGH)
CVE-2026-42099 — Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint (7.5 HIGH)
CVE-2026-42096 — Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database (8.8 HIGH)
CVE-2025-15625 — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases (9.8 CRITICAL)
CVE-2025-15624 — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd (7.5 HIGH)

Same CWE

CVE-2026-47238 — ClipBucket v5 is an open source video sharing platform (6.5 MEDIUM)
CVE-2026-47189 — Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
CVE-2026-7787 — IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authenticatio... (7.5 HIGH)
CVE-2026-8406 — openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module
CVE-2026-6976 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.... (3.7 LOW)