Does SonarQube account for CVE-2021-42574?

No, it doesn’t. Ref: Highlight Unicode BIDI characters as Security Hotspot