CVE Catalog

CVE-2026-29515

Critical
Published: Translated: NVD NIST

Summary

MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows attackers to log in without valid credentials.

Risk Assessment

Attackers can gain unauthorized access to files, posing a serious threat to the organization's data security.

Recommendation

It is recommended to immediately disable or remove MiCode FileExplorer and consider alternative FTP solutions.

Original NVD description (English source)

MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS