CVE-2026-42072

CRITICAL 9.8

Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address (all interfaces), regardless of what the user configures. On a LAN, this exposes the graph database — with its default admin:password credentials — to any device sharing the network. This issue has been patched in version 1.0.42-hotfix.

CWE	CWE-1392
Vendor	orneryd
Product	nornicdb
Published	May 8, 2026

Stay Ahead of the Next One

Get instant alerts for orneryd nornicdb

Be the first to know when new critical vulnerabilities affecting orneryd nornicdb are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

orneryd / NornicDB

< 1.0.42-hotfix

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/orneryd/NornicDB/security/advisories/GHSA-2hp7-65r3-wv54 github.com: https://github.com/orneryd/NornicDB/commit/adce4f9a9fc7b6aada07c0bfa2d737cd7a6efaca github.com: https://github.com/orneryd/NornicDB/releases/tag/v1.0.42