Authentication Bypass Vulnerability in Ciena's Network Control Suite
CVE-2026-5270

Currently unrated

Key Information:

Vendor

Ciena

Vendor
CVE Published:
14 July 2026

What is CVE-2026-5270?

An authentication bypass vulnerability has been discovered in Ciena's Navigator Network Control Suite, Manage Control Plan, and Blue Planet products. This issue arises from improper handling of HTTP request paths and headers, enabling unauthenticated attackers to craft requests that circumvent authentication mechanisms and disrupt audit logging. As a result, sensitive operations could be performed without proper authorization, exposing critical systems to potential exploitation.

Affected Version(s)

Inventory <=24.04.001 <= 24.04.001

Inventory <=23.12.401 <= 23.12.401

Inventory <=23.08.302 <= 23.08.302

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Special thanks to the team at TDC NET for their contribution.
.