CVE-2026-5269
Navigator NCS and MCP System Accounts with Default Passwords
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
In Ciena's Navigator Network Control Suite (NCS) and Manage Control Plan (MCP), there are hidden system accounts used for internal software operations. Some of these accounts have default passwords that may be predictable. While these accounts have very limited permissions on their own, an attacker could combine an attack using one of these accounts with other potential weaknesses to launch a more significant attack, possibly leading to escalation of privilege on the system.
| CWE | CWE-1393 |
| Vendor | ciena |
| Product | navigator ncs |
| Published | Jul 14, 2026 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for ciena navigator ncs
Be the first to know when new critical vulnerabilities affecting ciena navigator ncs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
CIENA / Navigator NCS
8.1
CIENA / MCP
<= 8.0
CIENA / Planner Plus OnPrem
<= 4.1
Credits
Special thanks to the team at TDC NET for their contribution.