CWE-1327 (Binding to an Unrestricted IP Address) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | Other | — | Undetermined | — |
| operating_system | — | Not OS-Specific | Undetermined | — |
| architecture | — | Not Architecture-Specific | Undetermined | — |
| technology | Web Server | — | Undetermined | — |
| technology | — | Client Server | Undetermined | — |
| technology | — | Cloud Computing | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-0481 | 2026-05-15 | Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in los… |
| CVE-2026-42503 | 2026-05-06 | gopls by default communicates via pipe. However, -port and -listen flags are supported as means of debugging. If -listen is given a value without an explicit host (e.g. :8080), or -port is used, gopls… |
| CVE-2026-24015 | 2026-03-09 | A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.… |
| CVE-2026-28395 | 2026-03-05 | OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper network binding vulnerability in the Chrome extension (must be installed and enabled) relay server that treats wildcard hosts as lo… |
| CVE-2026-21528 | 2026-02-10 | Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-11538 | 2025-11-13 | A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces (0… |
| CVE-2025-61934 | 2025-10-23 | A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the … |
| CVE-2025-55322 | 2025-09-24 | Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network. |
| CVE-2025-3621 | 2025-07-15 | Vulnerabilities* in ActADUR local server product, developed and maintained by ProTNS, allows Remote Code Inclusion on host systems. * vulnerabilities: * Improper Neutralization of Special Elem… |
| CVE-2024-49384 | 2024-10-15 | Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. |
| CVE-2024-49383 | 2024-10-15 | Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. |
| CVE-2024-49382 | 2024-10-15 | Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. |
| CVE-2024-47176 | 2024-09-26 | CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `… |
| CVE-2024-36105 | 2024-05-27 | dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to `INA… |
| CVE-2023-5398 | 2024-04-17 | Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versionin… |
| CVE-2023-41742 | 2023-08-31 | Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, m… |
| CVE-2023-1968 | 2023-04-28 | Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, incl… |
| CVE-2022-29820 | 2022-04-28 | In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2023-10-26 | CWE Content Team | 4.13 | — | updated Observed_Examples |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated References |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |
| 2026-04-30 | CWE Content Team | 4.20 | — | updated Observed_Examples |