EUVD-2026-28808
GHSA-2hp7-65r3-wv54
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address (all interfaces), regardless of what the user configures. On a LAN, this exposes the graph database - with its default admin:password credentials - to any device sharing the network. This issue has been patched in version 1.0.42-hotfix.
AnalysisAI
NornicDB's Bolt server binds to all network interfaces (0.0.0.0) regardless of the --address CLI flag or server.host configuration, exposing the graph database with default admin:password credentials to any device on the same LAN. The HTTP server correctly honors bind address restrictions, but a configuration plumbing bug prevents the Bolt protocol listener from reading the intended host parameter. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all NornicDB deployments using 'netstat -tuln | grep -E "6379|7687"' and verify bind address with 'ss -tuln' to confirm wildcard binding (0.0.0.0); immediately restrict network access via firewall rules to permit only authorized subnets. Within 7 days: Upgrade all NornicDB instances to version 1.0.42-hotfix or later; validate the Bolt listener binds to intended addresses post-upgrade using netstat verification. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today