CRITICAL
MiCode
CVE published 2026-03-11
CVE-2026-29515
CVE-2026-29515 is an authentication bypass vulnerability in the SwiFTP FTP server component of Xiaomi's FileExplorer. This vulnerability allows network attackers to log in without valid credentials by sending arbitrary username and password combinations to the PASS command handler, which unconditionally grants access. This access allows attackers to list, read, write, and delete files exposed by the FTP s [truncated]