CWE-1327
AllowedBinding to an Unrestricted IP Address
Abstraction: Base · Status: Incomplete
The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.
37 vulnerabilities reference this CWE, most recent first.
GHSA-4VX3-8W8X-CP7W
Vulnerability from github – Published: 2025-10-24 00:30 – Updated: 2025-10-24 00:30A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine
{
"affected": [],
"aliases": [
"CVE-2025-61934"
],
"database_specific": {
"cwe_ids": [
"CWE-1327"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-23T22:15:48Z",
"severity": "CRITICAL"
},
"details": "A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the target machine",
"id": "GHSA-4vx3-8w8x-cp7w",
"modified": "2025-10-24T00:30:53Z",
"published": "2025-10-24T00:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61934"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json"
},
{
"type": "WEB",
"url": "https://support.automationdirect.com/docs/securityconsiderations.pdf"
},
{
"type": "WEB",
"url": "https://www.automationdirect.com/support/software-downloads"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-525J-HQQ2-66R4
Vulnerability from github – Published: 2026-04-17 21:59 – Updated: 2026-04-17 21:59Summary
Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0.
Affected Packages / Versions
- Package:
openclaw - Ecosystem: npm
- Affected versions:
< 2026.4.10 - Patched versions:
>= 2026.4.10
Impact
The sandbox browser CDP relay could bind too broadly, exposing Chrome DevTools Protocol access outside the intended local/sandbox source range.
Technical Details
The fix enforces CDP source-range restriction by default and avoids broad 0.0.0.0 exposure unless explicitly configured.
Fix
The issue was fixed in #61404. The first stable tag containing the fix is v2026.4.10, and openclaw@2026.4.14 includes the fix.
Fix Commit(s)
fbf11ebdb7110632f93926d0ac7b48f04cb44d77- PR: #61404
Release Process Note
Users should upgrade to openclaw 2026.4.10 or newer. The latest npm release, 2026.4.14, already includes the fix.
Credits
Thanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1327",
"CWE-284"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-17T21:59:55Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\nSandbox browser CDP relay could expose DevTools protocol on 0.0.0.0.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `\u003c 2026.4.10`\n- Patched versions: `\u003e= 2026.4.10`\n\n## Impact\n\nThe sandbox browser CDP relay could bind too broadly, exposing Chrome DevTools Protocol access outside the intended local/sandbox source range.\n\n## Technical Details\n\nThe fix enforces CDP source-range restriction by default and avoids broad `0.0.0.0` exposure unless explicitly configured.\n\n## Fix\n\nThe issue was fixed in #61404. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `fbf11ebdb7110632f93926d0ac7b48f04cb44d77`\n- PR: #61404\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
"id": "GHSA-525j-hqq2-66r4",
"modified": "2026-04-17T21:59:55Z",
"published": "2026-04-17T21:59:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-525j-hqq2-66r4"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/pull/61404"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/fbf11ebdb7110632f93926d0ac7b48f04cb44d77"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Sandbox browser CDP relay could expose DevTools protocol on 0.0.0.0"
}
GHSA-73QP-WRVV-85M7
Vulnerability from github – Published: 2024-10-15 12:30 – Updated: 2024-10-15 12:30Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
{
"affected": [],
"aliases": [
"CVE-2024-49383"
],
"database_specific": {
"cwe_ids": [
"CWE-1327"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-15T11:15:13Z",
"severity": "LOW"
},
"details": "Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.",
"id": "GHSA-73qp-wrvv-85m7",
"modified": "2024-10-15T12:30:37Z",
"published": "2024-10-15T12:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49383"
},
{
"type": "WEB",
"url": "https://security-advisory.acronis.com/advisories/SEC-7285"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-74CF-PGH9-M5Q2
Vulnerability from github – Published: 2026-03-09 09:30 – Updated: 2026-03-11 00:08A vulnerability in Apache IoTDB.
This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7.
Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.iotdb:iotdb-core"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.3.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.iotdb:iotdb-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-24015"
],
"database_specific": {
"cwe_ids": [
"CWE-1327"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-11T00:08:44Z",
"nvd_published_at": "2026-03-09T09:16:02Z",
"severity": "CRITICAL"
},
"details": "A vulnerability in Apache IoTDB.\n\nThis issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7.\n\nUsers are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.",
"id": "GHSA-74cf-pgh9-m5q2",
"modified": "2026-03-11T00:08:44Z",
"published": "2026-03-09T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24015"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/iotdb"
},
{
"type": "WEB",
"url": "https://github.com/apache/iotdb/compare/v1.3.6...v1.3.7"
},
{
"type": "WEB",
"url": "https://github.com/apache/iotdb/compare/v2.0.6...v2.0.7"
},
{
"type": "WEB",
"url": "https://github.com/apache/iotdb/releases/tag/v1.3.7"
},
{
"type": "WEB",
"url": "https://github.com/apache/iotdb/releases/tag/v2.0.7"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/j769ywdqm46zl3oz5lbffsldklg0ow7p"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/09/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache IoTDB has an Insecure Default Configuration Vulnerability"
}
GHSA-7M9G-PMXF-M9M8
Vulnerability from github – Published: 2025-11-13 18:31 – Updated: 2025-12-20 05:40Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references.
Original Description
A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug ) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes the debug port to the local network, allowing an attacker on the same network segment to attach a remote debugger and achieve remote code execution within the Keycloak Java virtual machine.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-quarkus-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "26.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1327"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-13T23:41:01Z",
"nvd_published_at": "2025-11-13T17:15:44Z",
"severity": "MODERATE"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability exists in Keycloak\u0027s server distribution where enabling debug mode (--debug \u003cport\u003e) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes the debug port to the local network, allowing an attacker on the same network segment to attach a remote debugger and achieve remote code execution within the Keycloak Java virtual machine.",
"id": "GHSA-7m9g-pmxf-m9m8",
"modified": "2025-12-20T05:40:50Z",
"published": "2025-11-13T18:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11538"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/pull/43574"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/9e98f2bf961f68853cea6fbec58b512ed8be7ca9"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21370"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:21371"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-11538"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402622"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address",
"withdrawn": "2025-12-02T00:34:30Z"
}
GHSA-8C78-H946-HMR5
Vulnerability from github – Published: 2024-04-17 18:31 – Updated: 2024-04-17 18:31Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning.
{
"affected": [],
"aliases": [
"CVE-2023-5398"
],
"database_specific": {
"cwe_ids": [
"CWE-1327"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T17:15:13Z",
"severity": "MODERATE"
},
"details": "Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service.\u00a0See Honeywell Security Notification for recommendations on upgrading and versioning.\n\n",
"id": "GHSA-8c78-h946-hmr5",
"modified": "2024-04-17T18:31:34Z",
"published": "2024-04-17T18:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5398"
},
{
"type": "WEB",
"url": "https://process.honeywell.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-92G9-C25J-HQP6
Vulnerability from github – Published: 2023-08-31 15:30 – Updated: 2023-08-31 15:30Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.
{
"affected": [],
"aliases": [
"CVE-2023-41742"
],
"database_specific": {
"cwe_ids": [
"CWE-1327",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-31T15:15:08Z",
"severity": "MODERATE"
},
"details": "Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.",
"id": "GHSA-92g9-c25j-hqp6",
"modified": "2023-08-31T15:30:17Z",
"published": "2023-08-31T15:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41742"
},
{
"type": "WEB",
"url": "https://security-advisory.acronis.com/advisories/SEC-4351"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9344-F92H-VR44
Vulnerability from github – Published: 2026-05-06 18:30 – Updated: 2026-05-06 18:30gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0. As a result, users might inadvertently cause gopls to bind 0.0.0.0. This can allow a malicious party on the same network to execute code arbitrarily via gopls.
{
"affected": [],
"aliases": [
"CVE-2026-42503"
],
"database_specific": {
"cwe_ids": [
"CWE-1327"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T17:16:23Z",
"severity": "HIGH"
},
"details": "gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging.\nIf -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls will listen on 0.0.0.0.\u00a0\nAs a result, users might\u00a0inadvertently cause gopls to bind 0.0.0.0.\nThis can allow a\u00a0malicious party on the same network to execute code arbitrarily via gopls.",
"id": "GHSA-9344-f92h-vr44",
"modified": "2026-05-06T18:30:31Z",
"published": "2026-05-06T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42503"
},
{
"type": "WEB",
"url": "https://go.dev/cl/774381"
},
{
"type": "WEB",
"url": "https://go.dev/issue/79211"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CPWH-2GHX-4JVR
Vulnerability from github – Published: 2023-04-28 21:30 – Updated: 2024-04-04 03:43Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.
{
"affected": [],
"aliases": [
"CVE-2023-1968"
],
"database_specific": {
"cwe_ids": [
"CWE-1327"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-28T19:15:16Z",
"severity": "HIGH"
},
"details": "\nInstruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications. \n\n\n\n\n\n\n\n",
"id": "GHSA-cpwh-2ghx-4jvr",
"modified": "2024-04-04T03:43:59Z",
"published": "2023-04-28T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1968"
},
{
"type": "WEB",
"url": "https://support.illumina.com/downloads/illumina-universal-copy-service-1-0.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FHFP-X6GX-HFQM
Vulnerability from github – Published: 2025-09-24 21:30 – Updated: 2025-09-24 21:30Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2025-55322"
],
"database_specific": {
"cwe_ids": [
"CWE-1327"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T19:15:38Z",
"severity": "HIGH"
},
"details": "Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-fhfp-x6gx-hfqm",
"modified": "2025-09-24T21:30:37Z",
"published": "2025-09-24T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55322"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55322"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Assign IP addresses that are not 0.0.0.0.
Mitigation
Strategy: Firewall
Unwanted connections to the configured server may be denied through a firewall or other packet filtering measures.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.