CVE-2026-42100
7.5 HIGH
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by se...
Published: 2026-05-19 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-228
Affected products
| Vendor | Product |
|---|---|
| sparxsystems | pro_cloud_server |
Description
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows a Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. The vendor was notified early about this vulnerability, but did not respond with the details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-42099 — Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint (7.5 HIGH)
- CVE-2026-42097 — Sparx Pro Cloud Server requires authentication based on requested URL (8.8 HIGH)
- CVE-2026-42096 — Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database (8.8 HIGH)
- CVE-2025-15625 — Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases (9.8 CRITICAL)
- CVE-2025-15624 — Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd (7.5 HIGH)
Same CWE
- CVE-2025-59174 — Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of speciall... (6.5 MEDIUM)
- CVE-2026-25657 — Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulne... (6.5 MEDIUM)