Authentication Bypass in Ciena Products Affecting Default SFTP Server
CVE-2026-5268

Currently unrated

Key Information:

Vendor

Ciena

Vendor
CVE Published:
6 July 2026

What is CVE-2026-5268?

An authentication bypass vulnerability has been identified in the default SFTP server component used in various Ciena products. This flaw enables remote, unauthenticated attackers to circumvent security measures, potentially granting them unauthorized access to the underlying filesystem. If successfully exploited, this vulnerability may allow attackers to read or modify crucial system files, posing significant risks to data integrity and confidentiality.

Affected Version(s)

6500 S-Series R16.96 and prior

6500 T-Series R16.1 and prior

CPL R12.63 and prior

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.