Critical severity9.8NVD Advisory· Published Mar 11, 2026· Updated May 7, 2026
CVE-2026-29515
CVE-2026-29515
Description
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.
Affected products
2- cpe:2.3:a:xiaomi:fileexplorer:-:*:*:*:*:*:*:*
- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.vulncheck.com/advisories/micode-fileexplorer-swiftp-server-authentication-bypassnvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.