CVE-2026-42072: CWE-1392: Use of Default Credentials in orneryd NornicDB
CVE-2026-42072 is a critical vulnerability in orneryd's NornicDB versions prior to 1. 0. 42-hotfix. The Bolt server component incorrectly binds to all network interfaces regardless of user configuration, exposing the database on LANs. This exposure allows access using default admin credentials (admin:password), creating a significant risk of unauthorized access. The issue has been addressed in version 1. 0. 42-hotfix.
AI Analysis
Technical Summary
NornicDB is a distributed graph and vector database with temporal MVCC and sub-millisecond HNSW search capabilities. Before version 1.0.42-hotfix, the --address CLI flag and related configuration keys correctly configured the HTTP server but did not affect the Bolt server listener. Consequently, the Bolt server always bound to the wildcard address (0.0.0.0), exposing the database to all devices on the local network. Since the database uses default admin credentials (admin:password), this misconfiguration allows any LAN device to connect and potentially compromise confidentiality, integrity, and availability. The vulnerability is tracked as CWE-1392 (Use of Default Credentials) and has a CVSS 3.1 score of 9.8 (critical).
Potential Impact
The vulnerability allows an attacker on the same local network to connect to the Bolt server interface of NornicDB using default administrative credentials. This can lead to full compromise of the database, including unauthorized data access, modification, and disruption of service. The exposure is due to the Bolt server binding to all interfaces regardless of user configuration, increasing the attack surface on LAN environments.
Mitigation Recommendations
This vulnerability is patched in NornicDB version 1.0.42-hotfix. Users should upgrade to this version or later to ensure the Bolt server respects the configured address binding and to eliminate exposure of default credentials on the network. No other mitigation guidance is provided or required as the fix addresses the root cause.
CVE-2026-42072: CWE-1392: Use of Default Credentials in orneryd NornicDB
Description
CVE-2026-42072 is a critical vulnerability in orneryd's NornicDB versions prior to 1. 0. 42-hotfix. The Bolt server component incorrectly binds to all network interfaces regardless of user configuration, exposing the database on LANs. This exposure allows access using default admin credentials (admin:password), creating a significant risk of unauthorized access. The issue has been addressed in version 1. 0. 42-hotfix.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
NornicDB is a distributed graph and vector database with temporal MVCC and sub-millisecond HNSW search capabilities. Before version 1.0.42-hotfix, the --address CLI flag and related configuration keys correctly configured the HTTP server but did not affect the Bolt server listener. Consequently, the Bolt server always bound to the wildcard address (0.0.0.0), exposing the database to all devices on the local network. Since the database uses default admin credentials (admin:password), this misconfiguration allows any LAN device to connect and potentially compromise confidentiality, integrity, and availability. The vulnerability is tracked as CWE-1392 (Use of Default Credentials) and has a CVSS 3.1 score of 9.8 (critical).
Potential Impact
The vulnerability allows an attacker on the same local network to connect to the Bolt server interface of NornicDB using default administrative credentials. This can lead to full compromise of the database, including unauthorized data access, modification, and disruption of service. The exposure is due to the Bolt server binding to all interfaces regardless of user configuration, increasing the attack surface on LAN environments.
Mitigation Recommendations
This vulnerability is patched in NornicDB version 1.0.42-hotfix. Users should upgrade to this version or later to ensure the Bolt server respects the configured address binding and to eliminate exposure of default credentials on the network. No other mitigation guidance is provided or required as the fix addresses the root cause.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-23T19:17:30.565Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fe0d85cbff5d8610fb9964
Added to database: 5/8/2026, 4:21:25 PM
Last enriched: 5/8/2026, 4:36:21 PM
Last updated: 5/8/2026, 5:23:40 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.