Skip to main content

Enterprise Architect

1 CVEs product

Monthly

CVE-2026-42098 HIGH This Week

Privilege escalation in Sparx Enterprise Architect 17.1 and earlier allows an authenticated low-privilege user to impersonate any other user, including administrators, by tampering with the client-side application (e.g., via a debugger). Because role-based access enforcement happens in the client rather than on the server (CWE-603), an attacker who has any valid login can gain full repository control. No public exploit identified at time of analysis, although technical write-ups are referenced.

Information Disclosure Enterprise Architect
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
EPSS 0% CVSS 8.7
HIGH This Week

Privilege escalation in Sparx Enterprise Architect 17.1 and earlier allows an authenticated low-privilege user to impersonate any other user, including administrators, by tampering with the client-side application (e.g., via a debugger). Because role-based access enforcement happens in the client rather than on the server (CWE-603), an attacker who has any valid login can gain full repository control. No public exploit identified at time of analysis, although technical write-ups are referenced.

Information Disclosure Enterprise Architect
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy