Navigator NCS and MCP System Accounts with Default Passwords
Summary
| CVE | CVE-2026-5269 |
|---|---|
| State | PUBLISHED |
| Assigner | Ciena |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-14 23:17:34 UTC |
| Updated | 2026-07-15 20:08:02 UTC |
| Description | In Ciena's Navigator Network Control Suite (NCS) and Manage Control Plan (MCP), there are hidden system accounts used for internal software operations. Some of these accounts have default passwords that may be predictable. While these accounts have very limited permissions on their own, an attacker could combine an attack using one of these accounts with other potential weaknesses to launch a more significant attack, possibly leading to escalation of privilege on the system. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from ADP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.001450000 probability, percentile 0.041300000 (date 2026-07-15)
Problem Types: CWE-1393 | CWE-1393 CWE-1393 Use of default password
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | CIENA | Navigator NCS | affected 8.1 | Not specified |
| CNA | CIENA | MCP | affected <= 8.0 | Not specified |
| CNA | CIENA | Planner Plus OnPrem | affected <= 4.1 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.ciena.com/product-security | 7bd90cf1-1651-495e-9ae8-9415fb3c9feb | www.ciena.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Special thanks to the team at TDC NET for their contribution. (en)
Additional Advisory Data
Solutions
CNA: Ciena recommends upgrading to the latest available remediated release. For additional details, refer to myciena.com for current software versions, fixes, and security advisories. Remediation and Fixes: Products Remediated Version Navigator NCS >= 8.2, 8.1-P02 MCP 8.0-P04, 7.2-P07 Planner Plus OnPrem >= 4.2, 4.1-P01