VYPR
Critical severity9.0NVD Advisory· Published Mar 11, 2026· Updated May 7, 2026

CVE-2023-27573

CVE-2023-27573

Description

netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:netboxlabs:netbox-docker:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:netboxlabs:netbox-docker:*:*:*:*:*:*:*:*range: <2.5.0
    • (no CPE)range: <2.5.0
  • netbox-community/netbox-dockerv5
    Range: 0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.