Base weakness
Incomplete
CWE-1327: Binding to an Unrestricted IP Address
The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.
Last updated
17
Recorded CVEs
With this primary weakness
0
KEVs
In the CISA KEV catalog
Not rated
Likelihood of exploit
Per MITRE
Base
Abstraction
MITRE classification
Overview
When a server binds to the address 0.0.0.0, it allows connections from every IP address on the local machine, effectively exposing the server to every possible network. This might be much broader access than intended by the developer or administrator, who might only be expecting the server to be reachable from a single interface/network.
Real-world CVEs
17 recorded CVEs are caused by CWE-1327 (Binding to an Unrestricted IP Address). The highest-severity and most recent are shown first. 5 new CWE-1327 CVEs have been recorded so far in 2026 (3 in 2025).