Description
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address (all interfaces), regardless of what the user configures. On a LAN, this exposes the graph database — with its default admin:password credentials — to any device sharing the network. This issue has been patched in version 1.0.42-hotfix.
Published: 2026-05-08
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when the Bolt listener in NornicDB fails to honor the configured address parameter, binding instead to the wildcard address on all network interfaces. This misconfiguration allows any host on the same network to reach the Bolt endpoint, which uses the database’s default credentials (admin:password). As a result, an unauthenticated or low‑privilege attacker can connect to the database and potentially execute arbitrary queries or commands via the Bolt protocol, depending on the database’s exposed capabilities. The weakness reflects improper access control, identified as CWE‑1392.
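The plumbing defect the advisory describes, shown as an added illustration written in Go. This is not NornicDB's own code; the config struct shapes, the HTTP port and the Bolt port 7687 are assumptions. On the pre-hotfix path the configured address reaches the HTTP config only, so the Bolt listen string is built with an empty host, which net.Listen binds on every interface; isWildcard is the check an operator can apply to any listen string after upgrading.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// Assumed config shapes; NornicDB's real structs are not on the page.
type HTTPConfig struct{ Host string; Port int }
type BoltConfig struct{ Host string; Port int }

const boltPort = 7687 // assumption: the conventional Bolt port

// buildConfigs models the advisory's defect. With fixed=false the address
// is copied into the HTTP config only, as in versions before 1.0.42-hotfix;
// with fixed=true it reaches the Bolt config as well.
func buildConfigs(address string, fixed bool) (HTTPConfig, BoltConfig) {
	httpCfg := HTTPConfig{Host: address, Port: 8080} // assumed HTTP port
	boltCfg := BoltConfig{Port: boltPort}            // Host left empty: the bug
	if fixed {
		boltCfg.Host = address
	}
	return httpCfg, boltCfg
}

// listenAddr is the string each server would hand to net.Listen. An empty
// host yields ":7687", which Go binds on all interfaces (the wildcard).
func listenAddr(host string, port int) string {
	return net.JoinHostPort(host, strconv.Itoa(port))
}

// isWildcard reports whether a listen string binds every interface: an
// empty host, or an unspecified IP such as 0.0.0.0 or ::. Unparseable
// input is treated as wildcard so the check fails safe.
func isWildcard(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	if err != nil || host == "" {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsUnspecified()
}

func main() {
	_, bolt := buildConfigs("127.0.0.1", false)
	addr := listenAddr(bolt.Host, bolt.Port)
	fmt.Printf("pre-hotfix Bolt listen address %q, wildcard=%v\n", addr, isWildcard(addr))
}
```

To verify a live instance rather than the model, compare the address the Bolt listener reports in the process's listening sockets against the value passed via --address; anything other than that value indicates the defect is still present.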

Affected Systems

The flaw affects any NornicDB release prior to the 1.0.42‑hotfix update, including version 1.0.42 itself. The update addresses the binding issue, restoring the intended local‑only configuration.

Risk and Exploitability

With a CVSS score of 9.8, this flaw is considered critical. No EPSS score is available, but the lack of a KEV listing does not diminish the inherent risk of remote exploitation through a networked interface with default passwords. The most likely attack vector is local-network access to the Bolt port, where an attacker may attempt to authenticate with the known default credentials and then use the database interface to read, modify, or delete data.

Generated by OpenCVE AI on May 8, 2026 at 17:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NornicDB to version 1.0.42‑hotfix or newer.
  • Configure the Bolt listener to bind only to a non‑wildcard interface or disable it if not needed.
  • Change or disable the default admin credentials to prevent unauthorized authentication.


Advisories

Source: Github GHSA
ID: GHSA-2hp7-65r3-wv54
Title: NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access
History

Fri, 08 May 2026 16:30:00 +0000

Type        | Values Removed | Values Added
Description |                | Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address (all interfaces), regardless of what the user configures. On a LAN, this exposes the graph database — with its default admin:password credentials — to any device sharing the network. This issue has been patched in version 1.0.42-hotfix.
Title       |                | Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access
Weaknesses  |                | CWE-1392
References  |                |
Metrics     |                | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T15:59:42.544Z

Reserved: 2026-04-23T19:17:30.565Z

Link: CVE-2026-42072

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-08T17:16:31.447

Modified: 2026-05-08T17:16:31.447

Link: CVE-2026-42072

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T17:45:13Z

Weaknesses