CVE-2026-5270

Summary

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite (NCS), Manage Control Plan (MCP), and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate requests in a manner that bypasses authentication and associated audit logging controls.

Affected Software

VendorProductVersion RangeStatus
CIENANavigator NCS8.1affected
CIENAMCP<= 8.0affected
CIENAPlanner Plus OnPrem<= 4.1affected
Blue PlanetInventory<=24.04.001affected
Blue PlanetInventory<=23.12.401affected
Blue PlanetInventory<=23.08.302affected
Blue PlanetInventory<=23.04.701affected
Blue PlanetOrchestration<=24.04.2affected
Blue PlanetOrchestration<=23.12.3affected
Blue PlanetOrchestration<=23.08.4affected
Blue PlanetOrchestration<=23.04.2affected
Blue PlanetRoute Optimization & Analysis<=24.04.1.2-Raffected
Blue PlanetRoute Optimization & Analysis<=23.12.1.6-Raffected
Blue PlanetRoute Optimization & Analysis<=23.08.1.6-Raffected
Blue PlanetRoute Optimization & Analysis<=23.04.P01-9-Raffected
Blue PlanetUnified Assurance & Analytics<=24.04 MR1affected
Blue PlanetUnified Assurance & Analytics<=23.12 MR3affected
Blue PlanetUnified Assurance & Analytics<=23.04. MR4affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

References