Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address (all interfaces), regardless of what the user configures. On a LAN, this exposes the graph database — with its default admin:password credentials — to any device sharing the network. This issue has been patched in version 1.0.42-hotfix.
The CLI flag --address and related configuration keys (NORNICDB_ADDRESS / server.host) are correctly passed to the HTTP server, but never reach the Bolt server configuration. As a result, the Bolt listener always binds to a wildcard address (0.0.0.0), meaning it listens on all available network interfaces. Any device on the same LAN can connect to the database instance, and default credentials (admin:password) enable full administrative access without additional barriers.
An unauthenticated attacker on the local network can gain full access to the NornicDB graph database, enabling reading, modification and deletion of stored data, as well as potential takeover of the entire database instance.
Update NornicDB to version 1.0.42-hotfix, which corrects the bug in passing address configuration to the Bolt server. Until the patch is deployed, it is recommended to change default credentials and isolate the network to restrict access to the Bolt port only to trusted hosts (e.g., using a firewall).
NornicDB in versions prior to 1.0.42-hotfix
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H