PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-29515 MiCode CVE debrief

CVE-2026-29515 is an authentication bypass vulnerability in the SwiFTP FTP server component of Xiaomi's FileExplorer. This vulnerability allows network attackers to log in without valid credentials by sending arbitrary username and password combinations to the PASS command handler, which unconditionally grants access. This access allows attackers to list, read, write, and delete files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.

Vendor
MiCode
Product
FileExplorer
CVSS
CRITICAL 9.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-11
Original CVE updated
2026-07-14
Advisory published
2026-03-11
Advisory updated
2026-07-14

Who should care

Network administrators and security teams responsible for Xiaomi FileExplorer and SwiFTP FTP server components should prioritize patching this vulnerability. The critical severity (CVSS score of 9.3) indicates a high risk of exploitation, which could lead to unauthorized file access and manipulation.

Technical summary

The vulnerability exists in the SwiFTP FTP server component of Xiaomi's FileExplorer. An attacker can bypass authentication by sending arbitrary credentials to the PASS command handler, which does not verify the credentials properly. This allows for unauthorized access to files exposed by the FTP server, enabling listing, reading, writing, and deletion of files. The MiCode/Explorer open source project has reached end-of-life status, and network administrators should consider replacing or discontinuing its use. The critical severity (CVSS score of 9.3) indicates a high risk of exploitation, which could lead to unauthorized file access and manipulation. To mitigate this vulnerability, it is essential to apply patches or updates provided by Xiaomi and implement compensating controls such as restricting FTP access to trusted networks or implementing additional authentication mechanisms.

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by Xiaomi to fix the authentication bypass vulnerability in the SwiFTP FTP server component of FileExplorer.
  • Implement compensating controls such as restricting FTP access to trusted networks or implementing additional authentication mechanisms.
  • Monitor FTP server logs for suspicious activity and implement security monitoring to detect potential exploitation attempts.
  • Consider replacing or discontinuing the use of the end-of-life MiCode/Explorer open source project.
  • Conduct regular vulnerability assessments and penetration testing to identify and address potential security weaknesses.

Evidence notes

The CVE record was published on 2026-03-11T04:17:37.213Z and was last modified on 2026-07-14T19:16:56.080Z. The NVD entry is currently Analyzed. The vulnerability has a CVSS score of 9.3 and a severity of CRITICAL.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-11T04:17:37.213Z and has not been modified since then. The NVD entry is currently Analyzed.