CVE-2026-42100
Published 2026-05-19
CVE-2026-42100: Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending a specially…
Priority P344 · high · 7.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.68% (47.8th percentile)
Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows a Denial of Service (DoS) attack to be executed by sending a specially crafted SQL query. This causes the Pro Cloud Server service to terminate unexpectedly.
The vendor was notified early about this vulnerability but did not respond with details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sparx_systems | pro_cloud_server | <= 6.1 | — |
| sparxsystems | pro_cloud_server | <= 6.1.167 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 7.1 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
Sparx Systems Pro Cloud Server up to 6.1 syntactically invalid structure
vuldb·2026-05-19·CVSS 7.1
CVE-2026-42100 [HIGH] Sparx Systems Pro Cloud Server up to 6.1 syntactically invalid structure
A vulnerability categorized as problematic has been discovered in Sparx Systems Pro Cloud Server up to 6.1. This affects an unknown part. Such manipulation leads to improper handling of syntactically invalid structure.
This vulnerability is uniquely identified as CVE-2026-42100. The attack can be launched remotely. No exploit exists.
GHSA
GHSA-r2pf-hp27-79jw: Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending a spec
ghsa_unreviewed·2026-05-19
CVE-2026-42100 [HIGH] CWE-228 GHSA-r2pf-hp27-79jw: Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending a spec
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-19