CVE-2026-29515
🟠 Łataj w tym tygodniu
Obejście uwierzytelnienia w MiCode FileExplorer umożliwia atakującym dostęp do plików bez hasła.
CVSS
9.8
EPSS
0.2%
Exploit
none
Vendor
xiaomi
Opis źródłowy (NVD)
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.
auth-bypass
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.2% |
| Opublikowano (NVD) | 2026-03-11 04:17:37 UTC |
| Ostatnia modyfikacja (NVD) | 2026-05-07 18:15:22 UTC |
Referencje
- https://github.com/MiCode/FileExplorer (disclosure@vulncheck.com) [Product]
- https://www.vulncheck.com/advisories/micode-fileexplorer-swiftp-server-authentication-bypass (disclosure@vulncheck.com) [Third Party Advisory, VDB Entry]