Skip to main content

Cpl

1 CVEs product

Monthly

CVE-2026-5268 CRITICAL Act Now

Authentication bypass in the default SFTP server component shared across Ciena's 6500 S-Series, 6500 T-Series, PTS, and CPL packet-optical transport platforms allows a remote, unauthenticated attacker to reach the underlying filesystem and read or modify system files. Rated CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and classified as CWE-288, the flaw undermines the primary access control on management-plane file transfer. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Authentication Bypass 6500 S Series 6500 T Series Pts Cpl
NVD
CVSS 3.1
9.1
EPSS
0.4%
EPSS 0% CVSS 9.1
CRITICAL Act Now

Authentication bypass in the default SFTP server component shared across Ciena's 6500 S-Series, 6500 T-Series, PTS, and CPL packet-optical transport platforms allows a remote, unauthenticated attacker to reach the underlying filesystem and read or modify system files. Rated CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and classified as CWE-288, the flaw undermines the primary access control on management-plane file transfer. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Authentication Bypass 6500 S Series 6500 T Series +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy