Home

Description

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite (NCS), Manage Control Plan (MCP), and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate requests in a manner that bypasses authentication and associated audit logging controls.

PUBLISHED Reserved 2026-03-31 | Published 2026-07-14 | Updated 2026-07-14 | Assigner Ciena

Problem types

CWE-287 Improper Authentication

Product status

Default status
unaffected

8.1
affected

Default status
unaffected

<= 8.0
affected

Default status
unaffected

<= 4.1
affected

Default status
unaffected

<=24.04.001
affected

<=23.12.401
affected

<=23.08.302
affected

<=23.04.701
affected

Default status
unaffected

<=24.04.2
affected

<=23.12.3
affected

<=23.08.4
affected

<=23.04.2
affected

Default status
unaffected

<=24.04.1.2-R
affected

<=23.12.1.6-R
affected

<=23.08.1.6-R
affected

<=23.04.P01-9-R
affected

Default status
unaffected

<=24.04 MR1
affected

<=23.12 MR3
affected

<=23.04. MR4
affected

Credits

Special thanks to the team at TDC NET for their contribution. finder

References

www.ciena.com/product-security

cve.org (CVE-2026-5270)

nvd.nist.gov (CVE-2026-5270)

Download JSON