CVE-2026-29515
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MiCode | FileExplorer | 0 | affected |
Weaknesses
- CWE-303: CWE-303 Incorrect implementation of authentication algorithm
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://github.com/MiCode/FileExplorer
- https://www.vulncheck.com/advisories/micode-fileexplorer-swiftp-server-authentication-bypass
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.