CVE-2026-5268 PUBLISHED

SFTP Server Authentication Weakness

Assigner: Ciena
Reserved: 31.03.2026 Published: 06.07.2026 Updated: 06.07.2026

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation could allow an attacker to read or modify system files.

Product Status

Vendor CIENA
Product 6500 S-Series
Versions Default: affected
  • Version R16.96 and prior is affected
Vendor CIENA
Product 6500 T-Series
Versions Default: affected
  • Version R16.1 and prior is affected
Vendor CIENA
Product PTS
Versions Default: affected
  • Version R16.1 and prior is affected
Vendor CIENA
Product CPL
Versions Default: affected
  • Version R12.63 and prior is affected

References

Problem Types

  • CWE-288 Authentication bypass using an alternate path or channel CWE