CVE-2026-42072
Information Disclosure in Nornicdb Prior to 1.0.42-hotfix

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: GitHub, Inc.

Description
Nornicdb is a distributed, low-latency Graph+Vector database with temporal MVCC and sub-millisecond HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and the NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address (all interfaces), regardless of what the user configures. On a LAN, this exposes the graph database, with its default admin:password credentials, to any device sharing the network. This issue has been patched in version 1.0.42-hotfix.
Meta Information
  • Published: 2026-05-08
  • Last Modified: 2026-05-08
  • Generated: 2026-06-19
  • AI Q&A: 2026-05-08
  • EPSS Evaluated: 2026-06-18
Affected Vendors & Products
Showing 2 associated CPEs

Vendor     Product    Version / Range
nornicdb   nornicdb   to 1.0.42-hotfix (exc)
orneryd    nornicdb   to 1.0.42 (exc)
CWE
CWE-1392: The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Executive Summary

The vulnerability in Nornicdb occurs because the --address CLI flag and related configuration keys are correctly passed to the HTTP server but not to the Bolt server configuration. As a result, the Bolt listener binds to the wildcard address, meaning it listens on all network interfaces regardless of user configuration.

This causes the graph database to be exposed on the local area network (LAN) with default admin credentials (admin:password), allowing any device on the same network to access it.

This issue was fixed in version 1.0.42-hotfix.

Impact Analysis

This vulnerability can have severe impacts because it exposes the Nornicdb graph database to unauthorized access on the local network.

Since the database uses default admin credentials, any device on the LAN can potentially connect to it, leading to full compromise of confidentiality, integrity, and availability of the data.

An attacker could read sensitive data, modify or delete information, or disrupt database operations.

Detection Guidance

This vulnerability can be detected by checking if the Bolt server listener of Nornicdb is bound to the wildcard address (all interfaces) instead of the configured address. Since the Bolt listener always binds to all interfaces regardless of configuration prior to version 1.0.42-hotfix, you can verify this by inspecting active network listeners on the system.

  • Use commands like `netstat -tuln` or `ss -tuln` to list all listening TCP/UDP ports and their bound addresses.
  • Look for the Bolt server port (the advisory does not state NornicDB's default, so use the port your deployment is configured for) bound to 0.0.0.0 or ::, which indicates it listens on all interfaces.
  • Check the Nornicdb version to confirm if it is prior to 1.0.42-hotfix, as the issue is fixed in that version.
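The listener check described above, as an added example that is not from the advisory or the NornicDB project: it parses `ss -tln` or `netstat -tln` output and reports any listener on the Bolt port whose bound address is a wildcard. The Bolt port number is an assumption (the page does not state NornicDB's default) and the sample output is constructed.

```shell
#!/bin/sh
# Added example, not NornicDB project code. Flags listeners on the Bolt port that are
# bound to a wildcard address, which is the symptom this advisory describes.
# Input: the output of `ss -tln` or `netstat -tln`; both print "addr:port" in column 4.
# BOLT_PORT is an assumption: the advisory does not state NornicDB's Bolt port, so set
# it to whatever your deployment configures (7687 is only a placeholder default).
BOLT_PORT="${BOLT_PORT:-7687}"

# find_wildcard_listener PORT: reads listener output on stdin and prints each local
# address on PORT whose host part is a wildcard (0.0.0.0, *, :: or [::]).
# Exit status 0 if at least one wildcard listener was found, 1 otherwise.
find_wildcard_listener() {
    awk -v port="$1" '
        # ss puts LISTEN in the first column, netstat in the last one
        $1 == "LISTEN" || $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")          # last piece is the port
            p = parts[n]
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (p == port && (host == "0.0.0.0" || host == "*" || host == "::" || host == "[::]")) {
                print addr
                found = 1
            }
        }
        END { if (found) exit 0; exit 1 }
    '
}

# Constructed sample modelled on `ss -tln` output; not captured from a real host, and
# the port numbers are placeholders. The HTTP listener honours the configured
# 127.0.0.1, the Bolt listener on 7687 does not.
SAMPLE_SS_OUTPUT='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       4096    127.0.0.1:7474       0.0.0.0:*
LISTEN  0       4096    0.0.0.0:7687         0.0.0.0:*
LISTEN  0       4096    [::]:7687            [::]:*
LISTEN  0       128     127.0.0.1:22         0.0.0.0:*'

# Run the check against the constructed sample (prints the two wildcard Bolt listeners).
check_sample() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | find_wildcard_listener "$BOLT_PORT"
}

# Live use: ss -tln | find_wildcard_listener "$BOLT_PORT" && echo "Bolt bound to wildcard"
```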

Mitigation Strategies

The immediate mitigation step is to upgrade Nornicdb to version 1.0.42-hotfix or later, where this issue has been patched.

Until the upgrade can be applied, restrict network access to the Bolt server by firewalling or network segmentation to prevent unauthorized devices on the LAN from connecting.

Additionally, change the default admin credentials from admin:password to a strong, unique password to reduce risk.

Compliance Impact

This vulnerability exposes the NornicDB graph database to unauthorized remote access on a local network due to improper network binding of the Bolt server. Because the database uses default admin:password credentials and allows execution of arbitrary Cypher queries without authentication, sensitive data stored in the database could be accessed or manipulated by unauthorized parties.

Such unauthorized access risks violating data protection regulations and standards like GDPR and HIPAA, which require strict controls on access to personal and sensitive data. The exposure of the database on all network interfaces without proper authentication undermines confidentiality and integrity requirements mandated by these regulations.

Therefore, until patched, this vulnerability could lead to non-compliance with these standards due to insufficient access controls and potential data breaches.
