Skip to main content

Ciena Navigator NCS CVE-2026-5270

| EUVDEUVD-2026-44573 CRITICAL
Improper Authentication (CWE-287)
2026-07-14 7bd90cf1-1651-495e-9ae8-9415fb3c9feb GHSA-rp4h-q5qj-wrcr
9.8
CVSS 3.1 · Vendor: 7bd90cf1-1651-495e-9ae8-9415fb3c9feb
Share

Severity by source

Vendor (7bd90cf1-1651-495e-9ae8-9415fb3c9feb) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

A single crafted HTTP request over the network with no auth or interaction (AV:N/AC:L/PR:N/UI:N) yields full management access, so C:H/I:H/A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (7bd90cf1-1651-495e-9ae8-9415fb3c9feb).

CVSS VectorVendor: 7bd90cf1-1651-495e-9ae8-9415fb3c9feb

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jul 15, 2026 - 13:24 vuln.today
CVSS changed
Jul 15, 2026 - 13:22 NVD
9.8 (CRITICAL)
CVE Published
Jul 14, 2026 - 23:17 cve.org
CRITICAL 9.8
CVE Published
Jul 14, 2026 - 23:17 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite (NCS), Manage Control Plan (MCP), and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate requests in a manner that bypasses authentication and associated audit logging controls.

AnalysisAI

Authentication bypass in Ciena Navigator Network Control Suite (NCS 8.1), Manage Control Plane (MCP ≤ 8.0), and Blue Planet components (Inventory, Orchestration, Route Optimization & Analysis, Unified Assurance & Analytics, Planner Plus) allows an unauthenticated network attacker to manipulate HTTP request paths and headers to reach protected functionality while also evading audit logging. Rated CVSS 9.8 with a fully remote, low-complexity, no-interaction vector, this flaw hands attackers administrative-level access to carrier-grade network control and orchestration platforms. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Ciena management web interface
Delivery
Craft HTTP request with manipulated path/headers
Exploit
Bypass authentication and audit logging
Execution
Access privileged management functions
Impact
Alter or disrupt network orchestration

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the HTTP(S) management interface of an affected Ciena product (Navigator NCS 8.1, MCP ≤ 8.0, or a listed Blue Planet module version) and the ability to send crafted requests with manipulated URL paths and/or HTTP headers; per CVSS AV:N/AC:L/PR:N/UI:N no authentication, user interaction, or special client is needed against affected versions. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All static signals point to genuine high priority: the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, C:H/I:H/A:H) means remote, unauthenticated, single-request exploitation with total confidentiality, integrity, and availability impact, consistent with the 9.8 base score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the Navigator NCS, MCP, or Blue Planet web interface sends a single crafted HTTP request with manipulated path segments and/or headers that the authentication layer fails to associate with a protected endpoint, gaining access to privileged management functions without credentials. Because the same manipulation evades audit logging, the attacker can enumerate topology, alter network service orchestration, or disrupt managed transport/optical services while leaving little trace. …
Remediation Patch available per vendor advisory: consult Ciena's Product Security portal (https://www.ciena.com/product-security) for the fixed releases - the EUVD version ranges use '≤' notation, indicating remediation is delivered in releases above each listed threshold (e.g., MCP above 8.0, Navigator NCS above 8.1, and the corresponding higher Blue Planet Inventory/Orchestration/ROA/UAA/Planner Plus builds); apply the vendor-supplied upgrade for your specific module and train. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all affected Ciena Navigator NCS 8.1, MCP ≤8.0, and Blue Planet implementations and immediately restrict network access to management interfaces using firewall rules and network segmentation to trusted networks only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-5270 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy