CWE-1392
Use of Default Credentials
The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
CVE-2026-42072 (GCVE-0-2026-42072)
Vulnerability from cvelistv5 – Published: 2026-05-08 15:59 – Updated: 2026-05-12 02:04
Title
Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access
Summary
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address (all interfaces), regardless of what the user configures. On a LAN, this exposes the graph database — with its default admin:password credentials — to any device sharing the network. This issue has been patched in version 1.0.42-hotfix.
Severity
9.8 (Critical)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/orneryd/NornicDB/security/advi… | x_refsource_CONFIRM |
| https://github.com/orneryd/NornicDB/commit/adce4f… | x_refsource_MISC |
| https://github.com/orneryd/NornicDB/releases/tag/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T02:03:01.031136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T02:04:18.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NornicDB",
"vendor": "orneryd",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.42-hotfix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRESS / server.host config key) is plumbed through to the HTTP server correctly but never reaches the Bolt server config. The Bolt listener therefore always binds to the wildcard address (all interfaces), regardless of what the user configures. On a LAN, this exposes the graph database \u2014 with its default admin:password credentials \u2014 to any device sharing the network. This issue has been patched in version 1.0.42-hotfix."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T15:59:42.544Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/orneryd/NornicDB/security/advisories/GHSA-2hp7-65r3-wv54",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/orneryd/NornicDB/security/advisories/GHSA-2hp7-65r3-wv54"
},
{
"name": "https://github.com/orneryd/NornicDB/commit/adce4f9a9fc7b6aada07c0bfa2d737cd7a6efaca",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orneryd/NornicDB/commit/adce4f9a9fc7b6aada07c0bfa2d737cd7a6efaca"
},
{
"name": "https://github.com/orneryd/NornicDB/releases/tag/v1.0.42",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orneryd/NornicDB/releases/tag/v1.0.42"
}
],
"source": {
"advisory": "GHSA-2hp7-65r3-wv54",
"discovery": "UNKNOWN"
},
"title": "Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42072",
"datePublished": "2026-05-08T15:59:42.544Z",
"dateReserved": "2026-04-23T19:17:30.565Z",
"dateUpdated": "2026-05-12T02:04:18.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44159 (GCVE-0-2026-44159)
Vulnerability from cvelistv5 – Published: 2026-05-19 13:45 – Updated: 2026-05-19 13:45 – Unsupported When Assigned
Title
Tyler Identity Local (TID-L) default administrative credentials
Summary
Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021.
Severity
9.8 (Critical)
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Tyler Technologies | TID-L | Affected: * |
Date Public
2026-05-19 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TID-L",
"vendor": "Tyler Technologies",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Logan Diomedi, Depth Security"
}
],
"datePublic": "2026-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
},
{
"other": {
"content": {
"id": "CVE-2026-44159",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T14:43:39.779257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T13:45:06.907Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-138-01.json"
},
{
"name": "url",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44159"
}
],
"tags": [
"unsupported-when-assigned"
],
"title": "Tyler Identity Local (TID-L) default administrative credentials"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2026-44159",
"datePublished": "2026-05-19T13:45:06.907Z",
"dateReserved": "2026-05-05T14:32:29.625Z",
"dateUpdated": "2026-05-19T13:45:06.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7428 (GCVE-0-2026-7428)
Vulnerability from cvelistv5 – Published: 2026-05-12 09:16 – Updated: 2026-05-12 12:25 – Exclusively Hosted Service
Title
Insecure default administrative credentials in AlloyDB for PostgreSQL
Summary
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database.
Exploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it.
Severity
CWE
- CWE-1392 - Use of default credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Google Cloud | AlloyDB for PostgreSQL | Affected: 0, < 2025-11-03 (date) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T12:23:39.985567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:25:06.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AlloyDB for PostgreSQL",
"vendor": "Google Cloud",
"versions": [
{
"lessThan": "2025-11-03",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mark Lawrenson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan\u003ePrior to 2025-11-03,\u0026nbsp;\u003c/span\u003ewell-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters\u0026nbsp;\u003cspan\u003ewith an insecure default password which could have been exploited by a\u0026nbsp;\u003c/span\u003eremote\u003cspan\u003e\u0026nbsp;attacker\u0026nbsp;\u003c/span\u003e\u003cspan\u003eto\u0026nbsp;gain full administrative access to the database.\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan\u003eExploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it\u003c/span\u003e\u003cspan\u003e.\u003c/span\u003e"
}
],
"value": "Prior to 2025-11-03,\u00a0well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters\u00a0with an insecure default password which could have been exploited by a\u00a0remote\u00a0attacker\u00a0to\u00a0gain full administrative access to the database.\n\n\n\n\nExploitation required network access to the AlloyDB cluster and was limited to Terraform or the REST API, as other clients blocked it."
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392 Use of default credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T09:16:35.151Z",
"orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"shortName": "GoogleCloud"
},
"references": [
{
"url": "https://docs.cloud.google.com/alloydb/docs/release-notes#April_28_2026"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability was patched on November 3, 2025.\u003c/p\u003e\u003cp\u003eImpacted instances have been proactively remediated, and no customer action is needed.\u003c/p\u003e"
}
],
"value": "This vulnerability was patched on November 3, 2025.\n\n\n\nImpacted instances have been proactively remediated, and no customer action is needed."
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Insecure default administrative credentials in AlloyDB for PostgreSQL",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c",
"assignerShortName": "GoogleCloud",
"cveId": "CVE-2026-7428",
"datePublished": "2026-05-12T09:16:35.151Z",
"dateReserved": "2026-04-29T14:38:05.602Z",
"dateUpdated": "2026-05-12T12:25:06.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Requirements
Description:
- Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.
Mitigation
Phase: Architecture and Design
Description:
- Force the administrator to change the credential upon installation.
Mitigation
Phases: Installation, Operation
Description:
- The product administrator could change the defaults upon installation or during operation.
No CAPEC attack patterns related to this CWE.