CVE-2026-42072 — 神龙十问 AI Deep-Dive Analysis Summary

CVSS 9.8 · Critical

Q1: What is this vulnerability? (nature + consequences)

- 🚨 **CVE-2026-42072**: NornicDB Bolt Server binds to all interfaces by default.
- Even with config set, the **Bolt port** listens on `0.0.0.0`.
- 🔓 Exposes the DB & **default admin:password** on the LAN.…

Q2: Root cause? (CWE / defect point)

- 🛠️ **Root Cause**: Config not passed to the Bolt server.
- `--address` & env vars work for HTTP ✅ but NOT for Bolt ❌.
- 🧱 Likely **CWE-400**: Uncontrolled Resource Consumption / Exposure.…

Q3: Who is affected? (versions / components)

- 🎯 **Affected**: NornicDB versions **< 1.0.42-hotfix**.
- 📦 Component: **Bolt Server** (graph traversal & write API).
- 🖥️ Any OS running a vulnerable version on the LAN.

Q4: What can an attacker do? (privileges / data)

- 🕵️ **Attackers** on the LAN can:
  - 🔓 Log in via **admin/password**.
  - 📂 Read/modify **graph & vector data**.
  - ⚙️ Execute **write ops & traversals**.
- 💀 **Privilege**: Full control (no auth needed).

Q5: Is exploitation hard? (authentication / configuration)

- 🟢 **Exploitation threshold LOW**.
- 🚪 No auth needed.
- 🌐 Just need LAN access.
- ⚙️ Works even if the user tried to restrict binding.

Q6: Is there a public exploit? (PoC / in-the-wild exploitation)

- 🔍 **No public PoC** listed.
- `pocs`: empty.
- ❌ Not marked as exploited in the wild (per data).
- 📉 But risk is still HIGH due to simplicity.

Q7: How to self-check? (indicators / scanning)

- 🧪 **Self-check steps**:
  - Run `netstat -tulnp` or `ss -ltnp`.
  - Check if the Bolt port (default?) binds to `0.0.0.0`.
  - ✅ Confirm version < 1.0.42-hotfix.…

Q8: Has the vendor fixed it? (patch / mitigation)

- ✅ **Fixed in v1.0.42-hotfix**.
- 🔧 Commit: `adce4f9a`.
- 📢 Advisory: [GHSA-2hp7-65r3-wv54](https://github.com/orneryd/NornicDB/security/advisories/GHSA-2hp7-65r3-wv54).…

Q9: No patch available, what then? (temporary workarounds)

- 🚧 **If no patch**:
  - 🔥 Block the Bolt port via firewall (LAN-level).
  - 🚫 Disable Bolt if unused.
  - 🔐 Change the default `admin` password ASAP (if accessible).
  - 🏗️ Isolate the NornicDB host in a private VLAN.
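The Q7 self-check and the Q9 firewall workaround, as one added script (not code from the advisory or the NornicDB project). It parses `ss -ltnp` output for a wildcard bind on the Bolt port, classifies a version string against the 1.0.42-hotfix fix, and prints an nftables ruleset that admits Bolt only from loopback and one allowlisted CIDR. Assumptions not stated on the page: Bolt uses TCP 7687 (the conventional Bolt port; override with `BOLT_PORT`), the host is Linux with `ss` and nftables, and a plain `1.0.42` without the `-hotfix` suffix counts as vulnerable. The `ss` sample embedded below is constructed for the demo; run with `--live` to inspect the real host.

```shell
#!/bin/sh
# Added example, not code from the advisory or the NornicDB project.
# Assumptions (not stated on the page): Bolt listens on TCP 7687, the host
# is Linux with `ss`, nftables is the firewall, and plain 1.0.42 (without
# "-hotfix") is still vulnerable.

BOLT_PORT="${BOLT_PORT:-7687}"

# Print the `ss -ltnp` lines that bind the given port on a wildcard address
# (0.0.0.0, * or [::]). Exit 0 if any were found, 1 otherwise.
#   $1 = ss output, $2 = port
exposed_bolt_listeners() {
    printf '%s\n' "$1" | awk -v port="$2" '
        NR > 1 {
            n = split($4, a, ":"); p = a[n]        # column 4 = Local Address:Port
            host = substr($4, 1, length($4) - length(p) - 1)
            if (p == port && (host == "0.0.0.0" || host == "*" || host == "[::]")) {
                print; found = 1
            }
        }
        END { exit !found }'
}

# Exit 0 if a NornicDB version string is below the fixed 1.0.42-hotfix,
# 1 if it is fixed, 2 if the string is not numeric dotted form.
is_vulnerable_version() {
    v="${1#v}"
    base="${v%%-*}"                  # "1.0.42-hotfix" -> "1.0.42"
    suffix="${v#"$base"}"            # "" or "-hotfix"
    case "$base" in *[!0-9.]*|"") return 2 ;; esac
    set -- $(printf '%s' "$base" | tr '.' ' ')
    key=$(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
    [ "$key" -lt 1000042 ] && return 0
    [ "$key" -eq 1000042 ] && [ "$suffix" != "-hotfix" ] && return 0
    return 1
}

# Emit an nftables ruleset that admits Bolt only from loopback and one
# allowlisted CIDR and drops every other source. Rules are printed, not
# applied: review them, then load with `nft -f <file>`.
#   $1 = port, $2 = allowed source CIDR
bolt_firewall_rules() {
    cat <<EOF
table inet nornicdb_bolt {
  chain input {
    type filter hook input priority 0; policy accept;
    iifname "lo" tcp dport $1 accept
    ip saddr $2 tcp dport $1 accept
    tcp dport $1 drop
  }
}
EOF
}

# Constructed `ss -ltnp` output for the demo (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:7687       0.0.0.0:*         users:(("nornicdb",pid=4242,fd=9))
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*         users:(("nornicdb",pid=4242,fd=8))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=900,fd=3))'

if [ "${1:-}" = "--live" ]; then
    SS_OUT=$(ss -ltnp 2>/dev/null)   # real listener table when run with --live
else
    SS_OUT=$SAMPLE_SS
fi

if exposed_bolt_listeners "$SS_OUT" "$BOLT_PORT"; then
    echo "Bolt port $BOLT_PORT is bound to all interfaces; suggested workaround:"
    bolt_firewall_rules "$BOLT_PORT" "${ALLOW_CIDR:-10.0.0.0/24}"
else
    echo "no wildcard bind on port $BOLT_PORT"
fi

for ver in 1.0.41 1.0.42 1.0.42-hotfix; do
    if is_vulnerable_version "$ver"; then echo "$ver: vulnerable"; else echo "$ver: fixed"; fi
done
```

`ALLOW_CIDR` is a placeholder for the subnet that legitimately needs Bolt; the generated ruleset only narrows the firewall, so the real fix remains upgrading to 1.0.42-hotfix.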

Q10: How urgent? (priority recommendation)

- 🚨 **Urgent: YES**.
- 🔺 CVSS: **9.8 (Critical)** → `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`.
- 📍 Trivial to exploit on the LAN.
- 💡 Patch immediately or apply strict network controls.