
CVE-2023-27573

CRITICAL CVSS 3.1: 9.0 EPSS 0.04%
Updated Mar 11, 2026
Docker
Parameter: Value
CVSS: 9.0 (CRITICAL)
Affected Versions: before 2.5.0
Type: CWE-1392
Vendor: Docker
Public PoC: No

netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks).

Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values.

The Supplier was aware of the CVE ID assignment and did not object to the assignment.
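
Because installation did not enforce non-default values, a deployment has to check for them itself. The following is an added example, not code from the advisory or from the netbox-docker project: it audits the text of an env file for the two defaults named in the description. `SUPERUSER_API_TOKEN` and both default values come from the description above; the variable name `SUPERUSER_PASSWORD` and the sample input are assumptions made for the example.

```python
import re

# Default values named in the CVE description above.
DEFAULT_TOKEN = "0123456789abcdef0123456789abcdef01234567"
DEFAULT_PASSWORD = "admin"
# SUPERUSER_API_TOKEN is named in the description; SUPERUSER_PASSWORD is an
# assumed name for the variable that carries the admin password.
CHECKS = {"SUPERUSER_API_TOKEN": DEFAULT_TOKEN, "SUPERUSER_PASSWORD": DEFAULT_PASSWORD}

LINE_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

def parse_env(text):
    """Parse KEY=VALUE lines; a later assignment overrides an earlier one."""
    values = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        m = LINE_RE.match(raw)
        if not m:
            continue  # not an assignment
        key, val = m.groups()
        # Strip one layer of matching quotes so "admin" is still recognised.
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "'\"":
            val = val[1:-1]
        values[key] = val
    return values

def audit(text):
    """Return (variable, problem) findings for the contents of one env file."""
    env = parse_env(text)
    findings = []
    for var, default in CHECKS.items():
        if var not in env:
            # Reported so the operator confirms where the value is set.
            findings.append((var, "unset"))
        elif env[var] == "":
            findings.append((var, "empty"))
        elif env[var] == default:
            findings.append((var, "default value"))
    return findings

# Constructed sample input: password changed, token left at the default.
SAMPLE_ENV = """# constructed example
SUPERUSER_PASSWORD=Vq7-constructed-example
export SUPERUSER_API_TOKEN="0123456789abcdef0123456789abcdef01234567"
"""

if __name__ == "__main__":
    for var, problem in audit(SAMPLE_ENV):
        print(f"FAIL {var}: {problem}")
```

The sample mirrors the case the description highlights: the password was changed but the token was not, and only the token is reported.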

Attack Parameters

Attack Vector: Network (Can be exploited remotely)
Attack Complexity: High (Difficult to exploit)
Privileges Required: None (No privileges needed)
User Interaction: None (No user interaction needed)

Impact Assessment

Confidentiality: High (Complete data leak)
Integrity: High (Complete data modification)
Availability: High (Complete denial of service)

CVSS Vector v3.1

Weakness Type (CWE)