LeakyCreds

CVE-2026-42072 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: May 8, 2026

Nornicdb - Broken Access Control

Published: May 8, 2026 | Updated: May 8, 2026 | Remote Exploitable

Overview

Nornicdb versions before 1.0.42-hotfix contain a broken access control vulnerability: the Bolt server binds to all interfaces, ignoring the configured address. Attackers on the LAN can therefore access the database with the default admin credentials. Exploitation requires network access to the LAN.

Severity & Score

Severity: Critical
CVSS Score: 9.8

Impact

Attackers on the LAN can access the database with default admin credentials, leading to full unauthorized access and control.

Mitigation

Update to version 1.0.42-hotfix or later.

Details

CVE ID: CVE-2026-42072
Severity: Critical
CVSS Score: 9.8
Type: broken_access_control
Status: new

CWE

  • CWE-1392

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H