CVE-2026-42100

EUVD-2026-30932

19.05.2026, 14:16

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly. 

The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-228 - Improper Handling of Syntactically Invalid Structure
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.

References

https://cert.pl/en/posts/2026/05/CVE-2026-42096

https://efigo.pl/blog/CVE-2026-42096/

https://sparxsystems.com/products/procloudserver/

https://sploit.tech/2026/05/19/Sparx-Enterprise-Architect-PCS.html