GHSA-2HP7-65R3-WV54: Critical Improper Network Binding in NornicDB Bolt Server
Vulnerability ID: GHSA-2HP7-65R3-WV54
CVSS Score: 9.8
Published: 2026-04-22
NornicDB versions prior to v1.0.42-hotfix contain a critical improper network binding vulnerability in the Bolt server component. The server fails to honor explicit host binding configurations, instead attaching to the wildcard network interface (0.0.0.0). This exposure permits unauthenticated remote network attackers to connect directly via the Neo4j Bolt protocol and execute arbitrary Cypher queries against the database.
TL;DR
NornicDB's Bolt server binds to all network interfaces on port 7687 regardless of user configuration, allowing unauthenticated remote access to graph and vector data. Administrators must upgrade to v1.0.42-hotfix to enforce localhost default binding and secure the database.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-1327
- Attack Vector: Network
- CVSS v3.1 Score: 9.8 (Critical)
- Exploit Status: Proof-of-Concept via Cypher Shell
- Affected Component: pkg/bolt/server.go
- Patched Version: v1.0.42-hotfix
Affected Systems
- NornicDB Bolt Server Component (pkg/bolt/server.go)
- NornicDB: < v1.0.42-hotfix (Fixed in: v1.0.42-hotfix)
Code Analysis
Commit: adce4f9
Fix: enforce explicit host binding for Bolt server, resolve address hierarchy
Mitigation Strategies
- Upgrade to NornicDB version v1.0.42-hotfix or newer.
- Implement network firewalls or Security Groups to block unauthorized access to TCP port 7687.
- Explicitly configure the NORNICDB_BOLT_ADDRESS environment variable to 127.0.0.1 on patched versions.
Remediation Steps:
- Verify current vulnerability status by running 'ss -tlnp | grep 7687' to check socket bindings.
- Download the v1.0.42-hotfix release from the official repository.
- Stop the NornicDB service gracefully.
- Replace the binary with the updated version.
- Restart the NornicDB service and re-run the socket verification command to ensure the port is bound to 127.0.0.1.
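The socket check from the remediation steps, scripted so it can be run before and after the upgrade. This is an added example, not NornicDB project code; the two `ss -tlnp` outputs embedded below are constructed samples, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not NornicDB code): classify how TCP port 7687 is bound,
# given the text output of `ss -tlnp`. Prints one of:
#   wildcard  - a listener on 0.0.0.0 / [::] (the vulnerable pre-hotfix state)
#   loopback  - all 7687 listeners on 127.0.0.1 / [::1] (the patched default)
#   other     - bound to a specific non-loopback interface
#   none      - nothing listening on 7687
bolt_binding_status() {
    # Field 4 of an `ss -tlnp` row is "Local Address:Port"; keep only port 7687.
    local_addrs=$(printf '%s\n' "$1" | awk '$1 == "LISTEN" { print $4 }' | grep -E ':7687$')
    if [ -z "$local_addrs" ]; then
        echo none
        return 0
    fi
    # Any wildcard listener means the server ignored the host binding.
    if printf '%s\n' "$local_addrs" | grep -Eq '^(0\.0\.0\.0|\*|\[::\]):7687$'; then
        echo wildcard
        return 0
    fi
    # Any remaining listener that is not loopback is a deliberate interface bind.
    if printf '%s\n' "$local_addrs" | grep -Evq '^(127\.0\.0\.1|\[::1\]):7687$'; then
        echo other
        return 0
    fi
    echo loopback
}

# Constructed sample `ss -tlnp` output (not captured from a real host).
SAMPLE_VULNERABLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:7687      0.0.0.0:*     users:(("nornicdb",pid=1234,fd=7))'
SAMPLE_PATCHED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:7687    0.0.0.0:*     users:(("nornicdb",pid=1234,fd=7))'

# Classify the live host when `ss` is available, then the two samples.
if command -v ss >/dev/null 2>&1; then
    echo "live host:          $(bolt_binding_status "$(ss -tlnp 2>/dev/null)")"
fi
echo "sample vulnerable:  $(bolt_binding_status "$SAMPLE_VULNERABLE")"
echo "sample patched:     $(bolt_binding_status "$SAMPLE_PATCHED")"
```

A result of `wildcard` after the restart means the binary was not replaced or NORNICDB_BOLT_ADDRESS still points at 0.0.0.0.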
References
- GitHub Advisory Database: GHSA-2HP7-65R3-WV54
- NornicDB Security Patch Commit
- NornicDB v1.0.42-hotfix Release