Skip to main content

CWE-1327

Binding to an Unrestricted IP Address

15 CVEs Avg CVSS 6.4 MITRE
2
CRITICAL
4
HIGH
8
MEDIUM
1
LOW
1
POC
0
KEV

Monthly

CVE-2026-0481 CRITICAL Act Now

Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability

Amd Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2026-42503 HIGH PATCH This Week

Adjacent network code execution in gopls language server occurs when developers use debugging flags -listen or -port without explicit host specification. The Go language server (gopls) binds to all network interfaces (0.0.0.0) instead of localhost when these debugging flags are used, enabling unauthenticated remote code execution from adjacent network attackers. No public exploit identified at time of analysis, though the attack vector is straightforward for developers who enable network debugging in shared network environments like coffee shops or corporate LANs. EPSS data not available for this recent CVE.

Information Disclosure Golang Org X Tools Gopls
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24015 Maven CRITICAL PATCH Act Now

Vulnerability in Apache IoTDB from 1.0.0 before 1.3.7 and from 2.0.0 before 2.0.7. Critical severity issue in the IoT time-series database platform.

Apache Iotdb
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28395 npm MEDIUM PATCH This Month

OpenClaw Chrome extension relay server versions prior to 2026.2.12 improperly bind to all network interfaces when wildcard cdpUrl values are configured, enabling remote attackers to discover service endpoints and port information. An attacker can exploit this exposure to conduct denial-of-service attacks and brute-force attempts against the relay token authentication mechanism without requiring local access.

Google Information Disclosure Chrome
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-21528 MEDIUM PATCH This Month

Azure IoT Explorer binds to unrestricted IP addresses, enabling unauthenticated remote attackers to intercept and disclose sensitive information over the network. This vulnerability affects Azure IoT deployments where the Explorer tool is exposed without proper network segmentation. No patch is currently available, making network isolation the primary mitigation strategy.

Azure IoT Azure Iot Explorer
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-11538 Maven MEDIUM PATCH This Month

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

RCE Java Red Hat
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-55322 HIGH This Month

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Omniparser
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-49384 MEDIUM This Month

Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-49383 MEDIUM This Month

Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-49382 MEDIUM This Month

Excessive attack surface in archive-server service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
CVSS 3.1
4.3
EPSS
0.2%
EPSS 0% CVSS 9.2
CRITICAL Act Now

Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability

Amd Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Adjacent network code execution in gopls language server occurs when developers use debugging flags -listen or -port without explicit host specification. The Go language server (gopls) binds to all network interfaces (0.0.0.0) instead of localhost when these debugging flags are used, enabling unauthenticated remote code execution from adjacent network attackers. No public exploit identified at time of analysis, though the attack vector is straightforward for developers who enable network debugging in shared network environments like coffee shops or corporate LANs. EPSS data not available for this recent CVE.

Information Disclosure Golang Org X Tools Gopls
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Vulnerability in Apache IoTDB from 1.0.0 before 1.3.7 and from 2.0.0 before 2.0.7. Critical severity issue in the IoT time-series database platform.

Apache Iotdb
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

OpenClaw Chrome extension relay server versions prior to 2026.2.12 improperly bind to all network interfaces when wildcard cdpUrl values are configured, enabling remote attackers to discover service endpoints and port information. An attacker can exploit this exposure to conduct denial-of-service attacks and brute-force attempts against the relay token authentication mechanism without requiring local access.

Google Information Disclosure Chrome
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Azure IoT Explorer binds to unrestricted IP addresses, enabling unauthenticated remote attackers to intercept and disclose sensitive information over the network. This vulnerability affects Azure IoT deployments where the Explorer tool is exposed without proper network segmentation. No patch is currently available, making network isolation the primary mitigation strategy.

Azure IoT Azure Iot Explorer
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

RCE Java Red Hat
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Month

Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Omniparser
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Excessive attack surface in archive-server service due to binding to an unrestricted IP address. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy