CVE-2026-5268

Summary

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation could allow an attacker to read or modify system files.

Affected Software

VendorProductVersion RangeStatus
CIENA6500 S-SeriesR16.96 and prioraffected
CIENA6500 T-SeriesR16.1 and prioraffected
CIENAPTSR16.1 and prioraffected
CIENACPLR12.63 and prioraffected

Weaknesses

  • CWE-288: CWE-288 Authentication bypass using an alternate path or channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References