the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass
security controls and gain unauthorized access to the underlying filesystem.
Successful exploitation could allow an attacker to read or modify system files.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://www.ciena.com/product-security |
|
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ciena
Ciena 6500 S-series Ciena 6500 T-series Ciena cpl Ciena pts |
|
| Vendors & Products |
Ciena
Ciena 6500 S-series Ciena 6500 T-series Ciena cpl Ciena pts |
Mon, 06 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Mon, 06 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation could allow an attacker to read or modify system files. | |
| Title | SFTP Server Authentication Weakness | |
| Weaknesses | CWE-288 | |
| References |
|
Status: PUBLISHED
Assigner: Ciena
Published:
Updated: 2026-07-06T18:42:39.325Z
Reserved: 2026-03-31T19:44:32.296Z
Link: CVE-2026-5268
Updated: 2026-07-06T18:42:28.543Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T17:30:17Z