This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1: What is this vulnerability? (Essence + Consequences)
- **CVE-2026-42072**: NornicDB Bolt Server binds to all interfaces by default.
  - Even with config set, the **Bolt port** listens on `0.0.0.0`.
  - Exposes the DB and the **default admin:password** on the LAN. …
- **Root Cause**: Config not passed to the Bolt server.
  - `--address` and env vars work for HTTP, but NOT for Bolt.
  - Likely **CWE-400**: Uncontrolled Resource Consumption / Exposure. …
- **Affected**: NornicDB versions **< 1.0.42-hotfix**.
  - Component: **Bolt Server** (graph traversal & write API).
  - Any OS running a vulnerable version on a LAN.
Q4: What can hackers do? (Privileges/Data)
- **Attackers** on the LAN can:
  - Log in via **admin/password**.
  - Read/modify **graph & vector data**.
  - Execute **write ops & traversals**.
- **Privilege**: Full control (no auth needed).
Q5: Is the exploitation threshold high? (Auth/Config)
- **Exploitation threshold LOW**.
  - No auth needed.
  - Just need LAN access.
  - Works even if the user tried to restrict binding.
Q6: Is there a public exploit? (PoC/Wild Exploitation)
- **No public PoC** listed.
  - `pocs`: empty.
  - Not marked as exploited in the wild (per data).
  - But risk is still HIGH due to simplicity.
Q7: How to self-check? (Features/Scanning)
- **Self-check steps**:
  - Run `netstat -tulnp` or `ss -ltnp`.
  - Check whether the Bolt port (default?) binds to `0.0.0.0`.
  - Confirm version < 1.0.42-hotfix. …