CVE-2026-42098

UNKNOWN 0.0

Authorization Bypass in Sparx Enterprise Architect

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e.g. using a debugger) and log in as any other user or administrator - then it is possible to do every possible change to the repository. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 17.1 and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

CWE	CWE-603
Vendor	sparx systems
Product	enterprise architect
Published	May 19, 2026
Last Updated	May 19, 2026

Stay Ahead of the Next One

Get instant alerts for sparx systems enterprise architect

Be the first to know when new unknown vulnerabilities affecting sparx systems enterprise architect are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Sparx Systems / Enterprise Architect

0 ≤ 17.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/en/posts/2026/05/CVE-2026-42096 sparxsystems.com: https://sparxsystems.com/products/ea/ sploit.tech: https://sploit.tech/2026/05/19/Sparx-Enterprise-Architect-PCS.html efigo.pl: https://efigo.pl/blog/CVE-2026-42096/

Credits

Blazej Adamczyk (br0x) - Efigo