🔐 CVE Alert

CVE-2026-5270

CRITICAL 9.8

Authentication Bypass in Navigator and Blue Planet Products

CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite (NCS), Manage Control Plan (MCP), and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate requests in a manner that bypasses authentication and associated audit logging controls.

CWE CWE-287
Vendor ciena
Product navigator ncs
Published Jul 14, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for ciena navigator ncs

Be the first to know when new critical vulnerabilities affecting ciena navigator ncs are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

CIENA / Navigator NCS
8.1
CIENA / MCP
<= 8.0
CIENA / Planner Plus OnPrem
<= 4.1
Blue Planet / Inventory
<=24.04.001 <=23.12.401 <=23.08.302 <=23.04.701
Blue Planet / Orchestration
<=24.04.2 <=23.12.3 <=23.08.4 <=23.04.2
Blue Planet / Route Optimization & Analysis
<=24.04.1.2-R <=23.12.1.6-R <=23.08.1.6-R <=23.04.P01-9-R
Blue Planet / Unified Assurance & Analytics
<=24.04 MR1 <=23.12 MR3 <=23.04. MR4

References

NVD ↗ CVE.org ↗ EPSS Data ↗
ciena.com: https://www.ciena.com/product-security

Credits

Special thanks to the team at TDC NET for their contribution.