Skip to main content

Ciena 6500 CVE-2026-5268

| EUVDEUVD-2026-41884 CRITICAL
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
2026-07-06 Ciena GHSA-m6c7-7xhp-6vhc
9.1
CVSS 3.1 · Vendor: Ciena
Share

Severity by source

Vendor (Ciena) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
9.1 CRITICAL

Default SFTP server is remotely reachable and bypasses auth, so AV:N/AC:L/PR:N/UI:N; read and modify of system files gives C:H/I:H, and no described DoS gives A:N.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Ciena).

CVSS VectorVendor: Ciena

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Jul 06, 2026 - 19:28 vuln.today
CVSS changed
Jul 06, 2026 - 19:22 NVD
9.1 (CRITICAL)
CVE Published
Jul 06, 2026 - 15:25 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation could allow an attacker to read or modify system files.

AnalysisAI

Authentication bypass in the default SFTP server component shared across Ciena's 6500 S-Series, 6500 T-Series, PTS, and CPL packet-optical transport platforms allows a remote, unauthenticated attacker to reach the underlying filesystem and read or modify system files. Rated CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and classified as CWE-288, the flaw undermines the primary access control on management-plane file transfer. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach management-plane SFTP service
Delivery
Open SFTP/SSH session
Exploit
Trigger authentication bypass (CWE-288)
Execution
Gain unauthorized filesystem access
Impact
Read or modify system files

Vulnerability AssessmentAI

Exploitation The prerequisite is network reachability to the default-enabled SFTP server component on an affected Ciena element (6500 S-Series R16.96 and prior, 6500 T-Series R16.1 and prior, PTS R16.1 and prior, or CPL R12.63 and prior); no credentials, no user interaction, and no non-default configuration are required, since the SFTP server is described as running by default. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are largely consistent and point to a genuine high-priority issue rather than a paper-tiger high-CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to a Ciena 6500, PTS, or CPL element's SFTP service connects and leverages the authentication bypass to obtain filesystem access without valid credentials, then downloads sensitive configuration or credential files and/or writes modified system files to tamper with the device. No user interaction or prior authentication is required (AV:N/AC:L/PR:N/UI:N), so a single crafted SFTP session is sufficient; no public POC is currently known.
Remediation Upgrade each affected platform to a Ciena release later than the listed vulnerable versions - 6500 S-Series beyond R16.96, 6500 T-Series and PTS beyond R16.1, and CPL beyond R12.63 - using the fixed builds identified in Ciena's advisory at https://www.ciena.com/product-security (no vendor-released patch version is independently confirmed from the available data, so obtain exact fixed builds from Ciena support). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and document all affected Ciena platforms (6500 S-Series, 6500 T-Series, PTS, CPL); restrict SFTP inbound access via firewall to authorized networks only; enable audit logging for all SFTP and file-system access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-5268 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy