CVE-2026-42072
Information Disclosure in Nornicdb Prior to 1.0.42-hotfix
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nornicdb | nornicdb | all versions before 1.0.42-hotfix |
| orneryd | nornicdb | all versions before 1.0.42 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1392 | The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Nornicdb occurs because the --address CLI flag and the related configuration keys are applied to the HTTP server but are not propagated to the Bolt server configuration. As a result, the Bolt listener binds to the wildcard address and listens on all network interfaces regardless of the address the user configured.
The graph database is therefore reachable from the local area network (LAN), and because it ships with the default admin credentials (admin:password), any device on the same network can authenticate to it.
This issue was fixed in version 1.0.42-hotfix.
How can this vulnerability impact me?
The impact is severe because the Nornicdb graph database becomes reachable by anyone on the local network.
Since the database accepts the default admin credentials, any device on the LAN can connect to it, leading to full compromise of the confidentiality, integrity and availability of the stored data.
An attacker could read sensitive data, modify or delete information, or disrupt database operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Check whether the Bolt listener of Nornicdb is bound to the wildcard address (all interfaces) instead of the configured address. Prior to version 1.0.42-hotfix the Bolt listener always binds to all interfaces regardless of configuration, so the tell-tale sign is an HTTP listener on the address you configured next to a Bolt listener on 0.0.0.0 or [::].
- List listening sockets and their bound addresses with `ss -tlnp` (or `netstat -tlnp` on older systems); the `-p` flag shows the owning process so the Nornicdb listeners can be told apart from other services.
- Look for the Bolt port (Bolt conventionally uses TCP 7687; confirm the port from your Nornicdb configuration) bound to 0.0.0.0, [::] or *, which indicates that it listens on all interfaces.
- From another host on the same LAN, confirm the exposure by attempting a TCP connection to the Bolt port; a successful connection from a machine that should not have access confirms the wildcard binding.
- Check the Nornicdb version and treat anything prior to 1.0.42-hotfix as affected, since the issue is fixed in that version.
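The script below is an added example; it is not part of the advisory or of the Nornicdb project. It applies the two checks above to `ss -tln` style output and to a version string. It assumes the Bolt listener is on TCP 7687, the protocol's conventional port, which the advisory does not confirm for Nornicdb, and it treats the `-hotfix` suffix on 1.0.42 as the fixed release, as stated above. The sample socket table is constructed, not captured from a real host, and shows the pattern the advisory describes: an HTTP listener on the configured loopback address beside a Bolt listener on both wildcard addresses.

```bash
#!/bin/sh
# Added example: not taken from the advisory or the Nornicdb code base.
# check 1: find_wildcard_listeners PORT  reads `ss -tln` text on stdin and
#          prints every LISTEN socket on PORT bound to 0.0.0.0, [::] or *.
# check 2: is_fixed_version VERSION      succeeds for 1.0.42-hotfix and later.
# Assumption: Bolt on TCP 7687 (the protocol's conventional port). The advisory
# does not state Nornicdb's default, so pass the configured port explicitly.

find_wildcard_listeners() {
    awk -v port="${1:-7687}" '
        # ss -tln rows: State Recv-Q Send-Q Local:Port Peer:Port
        $1 == "LISTEN" {
            la = $4
            n = split(la, f, ":")          # port is the text after the last ":"
            p = f[n]                       # this also copes with "[::]:7687"
            addr = substr(la, 1, length(la) - length(p) - 1)
            if (p == port && (addr == "0.0.0.0" || addr == "[::]" || addr == "*"))
                print addr ":" p
        }'
}

# Succeeds when at least one wildcard listener on PORT is present on stdin.
bolt_is_exposed() {
    [ -n "$(find_wildcard_listeners "$1")" ]
}

# Version gate following the advisory: fixed in 1.0.42-hotfix; plain 1.0.42 and
# everything earlier is affected. Only major.minor.patch[-hotfix] is understood;
# anything else is reported as not fixed so that the caller investigates.
is_fixed_version() {
    v="$1"
    base="${v%%-*}"                 # "1.0.42-hotfix" -> "1.0.42"
    suffix="${v#"$base"}"           # "" or "-hotfix"
    maj="${base%%.*}"; rest="${base#*.}"
    min="${rest%%.*}"; pat="${rest#*.}"
    case "$maj$min$pat" in *[!0-9]*|"") return 1 ;; esac
    [ "$maj" -gt 1 ] && return 0
    [ "$maj" -eq 1 ] && [ "$min" -gt 0 ] && return 0
    [ "$maj" -eq 1 ] && [ "$min" -eq 0 ] && [ "$pat" -gt 42 ] && return 0
    if [ "$maj" -eq 1 ] && [ "$min" -eq 0 ] && [ "$pat" -eq 42 ]; then
        case "$suffix" in -hotfix*) return 0 ;; esac
    fi
    return 1
}

# Constructed sample (not captured from a real host): HTTP honours the
# configured loopback address while Bolt sits on both wildcard addresses.
# The non-Bolt ports are arbitrary.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:7474     0.0.0.0:*
LISTEN 0      4096   0.0.0.0:7687       0.0.0.0:*
LISTEN 0      4096   [::]:7687          [::]:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | find_wildcard_listeners 7687
# prints:
# 0.0.0.0:7687
# [::]:7687

if printf '%s\n' "$SAMPLE_SS" | bolt_is_exposed 7687; then
    echo "Bolt is bound to a wildcard address"
fi
for v in 1.0.41 1.0.42 1.0.42-hotfix 1.0.43; do
    if is_fixed_version "$v"; then echo "$v: fixed"; else echo "$v: affected"; fi
done
# On a live host: ss -tln | find_wildcard_listeners "${BOLT_PORT:-7687}"
```

On a live host, pipe `ss -tln` into `find_wildcard_listeners` with the configured Bolt port; an empty result together with a version that `is_fixed_version` accepts means both checks pass. A wildcard Bolt listener beside an HTTP listener on the configured address is the exact symptom the advisory describes.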
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade Nornicdb to version 1.0.42-hotfix or later, where the Bolt listener honours the configured address.
Until the upgrade can be applied, restrict network access to the Bolt port with host firewall rules or network segmentation so that only trusted hosts can reach it. Note that on affected versions setting --address does not limit the Bolt listener, which is exactly the defect, so the restriction has to be enforced outside the application.
Additionally, replace the default admin:password credentials with a strong, unique password; this reduces the risk before the upgrade and remains worth doing afterwards.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability exposes the NornicDB graph database to unauthorized access over the local network because of the improper network binding of the Bolt server. Because the database ships with the default admin:password credentials, anyone on the network who knows them can execute arbitrary Cypher queries, so sensitive data stored in the database could be accessed or manipulated by unauthorized parties.
Such unauthorized access risks violating data protection regulations and standards like GDPR and HIPAA, which require strict controls on access to personal and sensitive data. Exposing the database on all network interfaces behind nothing stronger than default credentials undermines the confidentiality and integrity requirements these regulations mandate.
Therefore, until patched, this vulnerability could lead to non-compliance with these standards through insufficient access controls and potential data breaches.