Constraint-based path computation supports traffic engineering in connection-oriented communication networks, such as those based on Multi-Protocol Label Switching (MPLS) orGeneralized MPLS (GMPLS). A path computation engine (PCE) (also referred to as a path computation element) in this regard computes a path over which data is to be conveyed over acommunication network. The PCE may compute the path based on a network graph or topology, taking into account any computational constraints. For example, a PCE may compute a Traffic Engineered Label Switched Path taking into account bandwidth, latency,and/or other constraints applicable to the path service request. In some cases, such as where network links in a connection-oriented communication network are not under the full control of the network operator or customer of the network operator, the connection-oriented communication network cannot be regarded as fully safe from the cybersecurity, data protection and privacy perspectives. For example, the connection-oriented communication network may be regarded as vulnerable to security and privacy attacks, e.g., denial-of-service attacks, man in the middle, packet sniffing attacks, etc. Some known PCE approaches address this by implementing security-aware path computation. For example, one approach computes a path to include nodes that are more secure against cyber-attacks .Known approaches to security-aware and privacy-aware path computation, however, prove insufficient in a number of respects. Some approaches reactively switch paths only after detection (when data may have already been compromised). Other approaches provide proactive switching but prove impractical in terms of complexity, costs, latency, and/or scalability, in part because they rely on metrics that require security audits, assessments, comparison with market benchmarks, log elaborations, etc. A novel security-aware and privacy-aware path computation is advantageously proposed to reflect the practical, real-world security risks facing the nodes under consideration for inclusion in the paths. Furthermore, exploiting a common vulnerability score that is commonly and readily available for retrieval advantageously facilitates simple and cost-effective implementation, scalability with network size, zero-touch automation, backward compatibility, easy acceptance and standardization and quicker reactivity to network variations or security threats.