Tag
critical
advisory
OpenClaw Improper Network Binding Leads to Unauthorized CDP Access (CVE-2026-43581)
2 rules, 1 TTP, 1 CVE
OpenClaw before 2026.4.10 contains an improper network binding vulnerability (CVE-2026-43581) that exposes the Chrome DevTools Protocol (CDP) on 0.0.0.0, allowing attackers to access the DevTools protocol outside intended local sandbox boundaries.
OpenClaw
cve
network-binding
sandbox-escape
critical
advisory
NornicDB Improper Network Binding Exposes Bolt Server
2 rules, 2 TTPs
NornicDB versions prior to 1.0.42-hotfix have an improper network binding vulnerability in the Bolt server that allows unauthorized remote access. The `--address` CLI flag is not correctly plumbed through to the Bolt server config, so the Bolt listener always binds to the wildcard address and exposes the database with default credentials.
nornicdb
network-binding
misconfiguration
graph-database