PatchSiren

MiCode CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL MiCode CVE published 2026-03-11

CVE-2026-29515

CVE-2026-29515 is an authentication bypass vulnerability in the SwiFTP FTP server component of Xiaomi's FileExplorer. This vulnerability allows network attackers to log in without valid credentials by sending arbitrary username and password combinations to the PASS command handler, which unconditionally grants access. This access allows attackers to list, read, write, and delete files exposed by the FTP s [truncated]