CVE-2026-29515

Critical CVSS: 9.3

MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.

Vendor

Product

CWE

CWE-303

Yayın Tarihi

2026-03-11 04:17:37

Güncelleme

2026-03-11 13:52:47

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-303 CRITICAL 2026

Referanslar

https://github.com/MiCode/FileExplorer https://www.vulncheck.com/advisories/micode-fileexplorer-swiftp-server-authentication-bypass