9.8
NornicDB Bolt Server Listens on All Network Interfaces
GHSA-2hp7-65r3-wv54
Summary
A bug in NornicDB's Bolt server causes it to listen on all network interfaces instead of the specified address. This allows unauthorized access to the graph database on local networks. To fix, update to the latest version of NornicDB, which corrects this issue. In the meantime, consider running NornicDB on a private network or behind a firewall to minimize risk.
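A host-side check for the exposure described in the summary, as an added example that is not from the advisory or the NornicDB project: it scans `ss -ltnH` output for listeners bound to a wildcard address on a given port. The sample output is constructed, and port 7687 (Bolt's conventional default) is an assumption, since the page does not state which port the server uses.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed sample of `ss -ltnH` output (not taken from the advisory).
// Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
const sampleSS = `LISTEN 0 4096 127.0.0.1:7474 0.0.0.0:*
LISTEN 0 4096 *:7687 *:*
LISTEN 0 128 [::1]:5432 [::]:*
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*`

// exposedListeners returns the local addresses on the given port that are
// bound to a wildcard address (*, 0.0.0.0 or [::]), i.e. on every interface.
func exposedListeners(ssOutput, port string) []string {
	var hits []string
	for _, line := range strings.Split(ssOutput, "\n") {
		f := strings.Fields(line)
		if len(f) < 5 || f[0] != "LISTEN" {
			continue // not a listening-socket row
		}
		local := f[3]
		i := strings.LastIndex(local, ":")
		if i < 0 || local[i+1:] != port {
			continue // different port
		}
		host := strings.Trim(local[:i], "[]") // strip IPv6 brackets
		if host == "*" {
			hits = append(hits, local) // dual-stack wildcard as printed by ss
			continue
		}
		if ip := net.ParseIP(host); ip != nil && ip.IsUnspecified() {
			hits = append(hits, local) // 0.0.0.0 or ::
		}
	}
	return hits
}

func main() {
	// 7687 is an assumed port; substitute the one configured for the Bolt server.
	for _, l := range exposedListeners(sampleSS, "7687") {
		fmt.Println("Bolt port bound to all interfaces:", l)
	}
}
```

On a live host, feed the function the real output of `ss -ltnH` and compare any hit against the bind address set in the server's configuration.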
What to do
- Update github.com/orneryd/nornicdb to version 1.0.42-hotfix.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Go | orneryd | github.com/orneryd/nornicdb | < 1.0.42-hotfix (fix: upgrade to 1.0.42-hotfix) |
Original title
NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb
Original description
NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb
ghsa CVSS3.1
9.8
Vulnerability type
CWE-1392
- https://github.com/orneryd/NornicDB/releases/tag/v1.0.42
- https://nvd.nist.gov/vuln/detail/CVE-2026-42072
- https://github.com/orneryd/NornicDB/security/advisories/GHSA-2hp7-65r3-wv54
- https://github.com/orneryd/NornicDB/commit/adce4f9a9fc7b6aada07c0bfa2d737cd7a6ef...
- https://github.com/orneryd/NornicDB/releases/tag/v1.0.42-hotfix
- https://github.com/advisories/GHSA-2hp7-65r3-wv54
Published: 20 May 2026 · Updated: 29 May 2026 · First seen: 22 Apr 2026