CVE-2026-42098

Authorization Bypass in Sparx Enterprise Architect

CVSS 8.7 (HIGH) | EPSS 0.4% | CWE-603
In short

Sparx Enterprise Architect enforces user role restrictions in the client application rather than on the server side. An authenticated attacker can modify the client and log in as any user, including administrators, and then make unauthorized changes to the repository.

Technical detail

CWE-603 (use of client-side authorization) in Sparx Enterprise Architect allows an authenticated attacker to circumvent role-based access controls by manipulating the client's behavior (e.g., with a debugger), impersonating arbitrary users and modifying the whole repository. The only precondition is a valid set of authentication credentials; the impact is a complete loss of access-control enforcement on all repository operations. Confirmed in version 17.1 and below; other versions were not tested.

Summary generated and translated by AI from the official description.
Sparx Enterprise Architect software has a security feature that limits users' actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e.g. using a debugger) and log in as any other user or administrator; then it is possible to do every possible change to the repository. The vendor was notified early about this vulnerability, but didn't respond with the details of the vulnerability or the vulnerable version range. Only version 17.1 and below were tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
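The weakness class behind this advisory (CWE-603) is easiest to see side by side with its mitigation. The following is an added, generic illustration, not Sparx Enterprise Architect code and not a description of its actual protocol: a hypothetical repository service receives an authenticated session token plus a requested action. The weak variant honours a user identity asserted by the client (so a modified client can act as "admin"); the hardened variant derives identity and role only from server-held session state. The user directory, session table and permission matrix are constructed sample data, and the mismatch check is an assumed detection signal a defender might log.

```python
"""Server-side role enforcement versus client-asserted identity (CWE-603).

Added example, not vendor code. Models a generic repository service; all data
below is constructed for the illustration.
"""
from dataclasses import dataclass

# Constructed sample data: server-side user directory (hypothetical).
USERS = {
    "alice": {"role": "viewer"},
    "bob": {"role": "editor"},
    "admin": {"role": "admin"},
}

# Constructed sample data: server-side session table, opaque token -> login.
SESSIONS = {
    "tok-alice-1": "alice",
    "tok-bob-1": "bob",
}

# Hypothetical permission matrix: which roles may perform which repository actions.
PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete", "manage_users"},
}


@dataclass
class Request:
    token: str              # opaque session token presented by the client
    action: str             # repository operation the client wants to perform
    claimed_user: str = ""  # identity the client *asserts*; a trustworthy client
                            # sends its own login, a modified one can send anything


def authorize_weak(req: Request) -> bool:
    """CWE-603 pattern: once the session is valid, the server looks up the role
    of whoever the client *claims* to be. The role check effectively lives in
    the client, so a patched client acting as 'admin' is granted admin rights."""
    if req.token not in SESSIONS:
        return False
    role = USERS.get(req.claimed_user, {}).get("role")
    return req.action in PERMISSIONS.get(role, set())


def authorize_hardened(req: Request) -> bool:
    """Mitigation: identity and role come from server-held state keyed by the
    session token. The client-supplied claimed_user field is ignored entirely."""
    login = SESSIONS.get(req.token)
    if login is None:
        return False
    role = USERS[login]["role"]
    return req.action in PERMISSIONS.get(role, set())


def impersonation_mismatch(req: Request) -> bool:
    """Detection signal (assumed, not from the advisory): a request whose
    asserted identity differs from the identity bound to the session is worth
    logging and alerting on even after the server stops trusting that field."""
    login = SESSIONS.get(req.token)
    return login is not None and req.claimed_user != "" and req.claimed_user != login


if __name__ == "__main__":
    # Modified client: alice's session, asserting the admin identity.
    tampered = Request(token="tok-alice-1", action="manage_users", claimed_user="admin")
    print("weak grants:", authorize_weak(tampered))            # True
    print("hardened grants:", authorize_hardened(tampered))    # False
    print("mismatch flagged:", impersonation_mismatch(tampered))  # True
```

The design point is that the server must bind the effective principal to the session it issued, never to a field the client can rewrite; the client may still hide menu items for a viewer, but that is a usability nicety, not the control.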
