Project Subscriptions
No data.
No advisories yet.
Solution
Ciena recommends upgrading to the latest available remediated release. For additional details, refer to myciena.com for current software versions, fixes, and security advisories. Remediation and Fixes: Products Remediated Version BP Inventory >=24.08, 24.04.100, 23.12.500, 23.08.400, 23.04.800 BP Orchestration >=24.08, 24.04.3 MR3, 23.12.4 MR4, 23.08.5 MR5, 23.04.4 MR3 BP Route Optimization & Analysis >=24.08, 24.04.2-3-R, 23.12.2.1-R, 23.08.2.-1-R, 23.04.P02-1-R BP Unified Assurance & Analytics >=24.08, 24.04.MR2, 23.12.MR4 Navigator NCS >= 8.2, 8.1-P02 MCP 8.0-P04, 7.2-P07 Planner Plus OnPrem >= 4.2, 4.1-P01
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| https://www.ciena.com/product-security |
|
Wed, 15 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Tue, 14 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite (NCS), Manage Control Plan (MCP), and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate requests in a manner that bypasses authentication and associated audit logging controls. | |
| Title | Authentication Bypass in Navigator and Blue Planet Products | |
| Weaknesses | CWE-287 | |
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Ciena
Published:
Updated: 2026-07-15T12:39:32.248Z
Reserved: 2026-03-31T19:44:41.118Z
Link: CVE-2026-5270
Updated: 2026-07-15T12:39:11.872Z
No data.
No data.
OpenCVE Enrichment
No data.