the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass
security controls and gain unauthorized access to the underlying filesystem.
Successful exploitation could allow an attacker to read or modify system files.
Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
Ciena recommends upgrading to the latest available remediated release. For additional details, refer to myciena.com for current software versions, fixes, and security advisories.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://www.ciena.com/product-security |
|
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ciena
Ciena 6500 S-series Ciena 6500 T-series Ciena cpl Ciena pts |
|
| Vendors & Products |
Ciena
Ciena 6500 S-series Ciena 6500 T-series Ciena cpl Ciena pts |
Mon, 06 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Mon, 06 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation could allow an attacker to read or modify system files. | |
| Title | SFTP Server Authentication Weakness | |
| Weaknesses | CWE-288 | |
| References |
|
Status: PUBLISHED
Assigner: Ciena
Published:
Updated: 2026-07-08T20:18:06.557Z
Reserved: 2026-03-31T19:44:32.296Z
Link: CVE-2026-5268
Updated: 2026-07-06T18:42:28.543Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T21:30:08Z