the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass
security controls and gain unauthorized access to the underlying filesystem.
Successful exploitation could allow an attacker to read or modify system files.
Project Subscriptions
No advisories yet.
Solution
Ciena recommends upgrading to the latest available remediated release. For additional details, refer to myciena.com for current software versions, fixes, and security advisories.
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| https://www.ciena.com/product-security |
|
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ciena
Ciena 6500 S-series Ciena 6500 T-series Ciena cpl Ciena pts |
|
| Vendors & Products |
Ciena
Ciena 6500 S-series Ciena 6500 T-series Ciena cpl Ciena pts |
Mon, 06 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Mon, 06 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation could allow an attacker to read or modify system files. | |
| Title | SFTP Server Authentication Weakness | |
| Weaknesses | CWE-288 | |
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Ciena
Published:
Updated: 2026-07-08T20:18:06.557Z
Reserved: 2026-03-31T19:44:32.296Z
Link: CVE-2026-5268
Updated: 2026-07-06T18:42:28.543Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T21:30:08Z