Nokia CBIS/NCS Manager API Vulnerability Allows Attackers to Bypass Authentication

On September 18, 2025, Orange Cert publicly disclosed a critical authentication bypass vulnerability affecting Nokia’s CBIS (CloudBand Infrastructure Software) and NCS (Nokia Container Service)…