9.8
CVE-2026-42072: NornicDB exposes database to network devices without a fix
CVE-2026-42072
GO-2026-4967
Summary
If you're using NornicDB version 1.0.42 or earlier, your graph database is accessible to other devices on the same network. This is because the database's Bolt server is set to accept connections from any device, and the default admin credentials are in use. To fix this, update to version 1.0.42-hotfix or later.
What to do
- Update github.com/orneryd/nornicdb to version 1.0.42-hotfix.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| go | github.com | orneryd | < 1.0.42-hotfix (fix: upgrade to 1.0.42-hotfix) |
| Go | orneryd | github.com/orneryd/nornicdb | < 1.0.42-hotfix (fix: upgrade to 1.0.42-hotfix) |
Original title
NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb
Original description
NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access in github.com/orneryd/nornicdb
nvd CVSS3.1
9.8
Vulnerability type
CWE-1392
- https://github.com/orneryd/NornicDB/commit/adce4f9a9fc7b6aada07c0bfa2d737cd7a6ef...
- https://github.com/orneryd/NornicDB/releases/tag/v1.0.42
- https://github.com/orneryd/NornicDB/security/advisories/GHSA-2hp7-65r3-wv54
- https://nvd.nist.gov/vuln/detail/CVE-2026-42072 (Vendor Advisory)
- https://github.com/orneryd/NornicDB/releases/tag/v1.0.42-hotfix
- https://github.com/advisories/GHSA-2hp7-65r3-wv54
Published: 20 May 2026 · Updated: 23 May 2026 · First seen: 8 May 2026