External risk intelligence

Sparx Pro Cloud Server lets unauthenticated attackers read or modify repository data by bypassing login.

CVE advisory

Severity: CRITICAL (CVSS 9.3)

CVE-2026-42097

An external attacker can bypass security controls in Sparx Pro Cloud Server to run unauthorized database commands. This exposes sensitive project information and credentials, which could lead to the loss of proprietary intellectual property.

Halo Surface Signal: 3

Affected product: Sparxsystems Pro Cloud Server

Affected versions: 6.1.167 and earlier

External exposure likelihood

Halo Surface Signal score for CVE-2026-42097

Sparx Pro Cloud Server acts as a central repository for collaborative enterprise modeling data. Although it is a gateway that gives remote teams access to shared models, it is typically deployed inside the corporate network perimeter or behind a VPN rather than as a public-facing internet service. That placement lowers the external exposure score, but it does not help against an attacker who already has a foothold on the internal network.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in Sparx Pro Cloud Server allows an unauthenticated attacker to execute SQL queries by changing where the model name is supplied in a request: it is sent inside the POST body instead of the model query parameter. Sensitive information in the repository database can then be read or modified without any login credentials.

  • Leads to unauthorized data access and modification.
  • Affects systems managing critical modeling data, including project information and credentials.
  • Affects version 6.1.167 and earlier.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can exploit this flaw to execute arbitrary SQL queries on a Sparx Pro Cloud Server. By omitting the model query parameter and instead sending the model name inside a binary blob in the POST body, the attacker bypasses the authentication check and delivers attacker-controlled input to the SQL layer. The result is data exfiltration from, or modification of, the repository database.

  • No authentication required.
  • Targets the model parameter: omitted from the query string, supplied in the POST body.
  • The model name reaches SQL without proper validation, enabling SQL injection.

Live Threat

Current exploitation, exposure, and threat context

This SQL injection vulnerability in Sparx Pro Cloud Server allows unauthenticated attackers to execute arbitrary SQL queries. The vendor's public response so far is limited. Versions 6.1.167 and earlier are confirmed vulnerable, and the critical CVSS v4.0 score reflects the low attack complexity: no credentials are needed and the technique is standard SQL injection. Attackers have an incentive to target it because the server holds an organization's architecture and design models, which often include credentials and proprietary intellectual property.

  • Exploitable without authentication.
  • SQL injection, a well-understood and widely tooled attack class.
  • Vendor response is limited.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Teams should first inventory every Sparx Pro Cloud Server instance and confirm its build number; anything at 6.1.167 or earlier is confirmed vulnerable to unauthenticated SQL injection. Given the critical severity and the lack of a publicly disclosed patch, isolate affected instances immediately (restrict reachability to the modeling clients that need them, or take them offline) to prevent data compromise. Because the flaw is reached without credentials, authentication logs will not show the attack; look instead at the web tier and the backing database.

  • Isolate affected instances or take them offline until a fixed build is available.
  • Monitor the repository database for unexpected queries, and the web tier for POST requests to the server that omit the model query parameter but carry a body.
  • Track vendor advisories for a patch and apply it as soon as it is released.
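The following triage script is an added example written for this advisory; it is not Sparx Systems code and does not reflect how Pro Cloud Server itself handles requests. It covers the two practical steps above: flagging inventory entries at or below the affected build (6.1.167), and scanning web-tier access logs for the request shape the attack path describes (a POST that omits the model query parameter but carries a request body). The log layout, the /pcs/api URL prefix, and the host names are constructed placeholders; the heuristic assumes legitimate clients normally pass model in the query string, which you should confirm against your own traffic before treating a hit as more than a lead.

```python
"""Triage helpers for CVE-2026-42097 (Sparx Pro Cloud Server).

Added example, not vendor code. Two checks:
  1. flag inventory entries at or below the last affected build, 6.1.167;
  2. scan access-log lines for POSTs to the Pro Cloud Server whose query
     string omits `model` but which carry a request body.
Assumed, not from the advisory: the log layout (method, target, status,
content-type, content-length) and the /pcs/api path prefix.
"""
import re
from urllib.parse import parse_qs, urlsplit

LAST_AFFECTED = (6, 1, 167)   # "6.1.167 and earlier" per the advisory
PCS_PATH_PREFIX = "/pcs/"     # placeholder; set to your deployment's prefix


def parse_version(text):
    """'6.1.167' -> (6, 1, 167); shorter strings are zero-padded."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(version):
    return parse_version(version) <= LAST_AFFECTED


def affected_hosts(inventory):
    """inventory: iterable of (host, version) pairs -> hosts needing isolation."""
    return [host for host, version in inventory if is_affected(version)]


# Constructed log layout: ip ident user [time] "METHOD target HTTP/x" status ctype clen
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<ctype>\S+) (?P<clen>\d+)$'
)


def suspicious_request(line):
    """Return a reason string if the line matches the advisory's request shape, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    target = urlsplit(m["target"])
    if not target.path.startswith(PCS_PATH_PREFIX):
        return None
    query = parse_qs(target.query)
    body_len = int(m["clen"])
    # Attack path: model name omitted from the query string, carried in the body.
    if "model" not in query and body_len > 0:
        return (f"POST to {target.path} without model= carrying a "
                f"{body_len}-byte {m['ctype']} body from {m['ip']}")
    return None


def scan_log(lines):
    return [reason for reason in map(suspicious_request, lines) if reason]


# Constructed sample data; host names and addresses are placeholders.
SAMPLE_INVENTORY = [
    ("ea-models.corp.example", "6.1.167"),   # last affected build
    ("ea-staging.corp.example", "6.1.168"),  # first build above the affected range
    ("ea-legacy.corp.example", "6.0.3"),     # affected
]

SAMPLE_LOG = [
    '203.0.113.5 - - [02/May/2026:10:01:02 +0000] "POST /pcs/api?model=Sales HTTP/1.1" 200 application/x-www-form-urlencoded 48',
    '203.0.113.5 - - [02/May/2026:10:01:07 +0000] "POST /pcs/api HTTP/1.1" 200 application/octet-stream 312',
    '198.51.100.9 - - [02/May/2026:10:02:11 +0000] "GET /pcs/api HTTP/1.1" 200 text/html 0',
    '198.51.100.9 - - [02/May/2026:10:02:15 +0000] "POST /login HTTP/1.1" 302 application/x-www-form-urlencoded 64',
    '198.51.100.9 - - [02/May/2026:10:02:20 +0000] "POST /pcs/api HTTP/1.1" 200 application/octet-stream 0',
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print("isolate:", host)
    for hit in scan_log(SAMPLE_LOG):
        print("review:", hit)
```

Only the second sample line is flagged: it is a POST under the assumed prefix, has no model query parameter, and carries a binary body. The GET, the POST to an unrelated path, and the bodiless POST are ignored. Run the scan over real reverse-proxy logs after adapting LOG_RE to your format, and treat hits as leads for database-side review rather than as confirmed exploitation.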

Frequently asked questions

What is Sparx Pro Cloud Server and what is it used for?

Sparx Pro Cloud Server is a software used as a central repository for collaborative enterprise modeling data. It facilitates remote access for teams working on these models.

What is CVE-2026-42097, and what type of weakness does it represent?

CVE-2026-42097 is a vulnerability in Sparx Pro Cloud Server that allows an attacker to execute SQL queries without authentication. The advisory classifies it as CWE-639 (Authorization Bypass Through User-Controlled Key), reflecting the bypass of the access check; the resulting attack is SQL injection (CWE-89).

How can an attacker exploit this vulnerability in Sparx Pro Cloud Server?

An attacker omits the "model" query parameter and instead sends the model name inside a binary blob in the body of a POST request. This bypasses the authentication check and lets the attacker-controlled model name reach the database as part of a SQL query.

Who should be concerned about this vulnerability based on its Halo Surface Signal exposure score?

The score is low because the server is usually not internet-facing, but exposure is not the only risk. Organizations should be concerned if their Sparx Pro Cloud Server is reachable from the internet, or from internal networks where an attacker may already have a foothold, since the vulnerability needs no credentials to execute SQL queries.

What is the first step for responding to this Sparx Pro Cloud Server vulnerability?

The immediate first step is to inventory all Sparx Pro Cloud Server instances, confirm their build numbers, and isolate any running 6.1.167 or earlier to prevent data compromise while a fix is awaited.
