Product
NornicDB versions prior to 1.0.42-hotfix have an improper network binding vulnerability in its Bolt server, allowing unauthorized remote access because the `--address` CLI flag is not correctly plumbed through to the Bolt server config, causing the Bolt listener to always bind to the wildcard address and expose the database with default credentials.