CVE-2026-5269 PUBLISHED

Navigator NCS and MCP System Accounts with Default Passwords

Assigner: Ciena
Reserved: 31.03.2026 Published: 14.07.2026 Updated: 15.07.2026

In Ciena's Navigator Network Control Suite (NCS) and Manage Control Plan (MCP), there are hidden system accounts used for internal software operations. Some of these accounts have default passwords that may be predictable. While these accounts have very limited permissions on their own, an attacker could combine an attack using one of these accounts with other potential weaknesses to launch a more significant attack, possibly leading to escalation of privilege on the system.

Product Status

Vendor CIENA
Product Navigator NCS
Versions Default: unaffected
  • Version 8.1 is affected
Vendor CIENA
Product MCP
Versions Default: unaffected
  • Version <= 8.0 is affected
Vendor CIENA
Product Planner Plus OnPrem
Versions Default: unaffected
  • Version <= 4.1 is affected

Solutions

Ciena recommends upgrading to the latest available remediated release. For additional details, refer to myciena.com for current software versions, fixes, and security advisories.

Remediation and Fixes:

Products

Remediated Version

Navigator NCS

= 8.2, 8.1-P02

MCP

8.0-P04, 7.2-P07

Planner Plus OnPrem

= 4.2, 4.1-P01

Credits

  • Special thanks to the team at TDC NET for their contribution. finder

References

Problem Types

  • CWE-1393 Use of default password CWE