PatchSiren

Xiaomi Technology Co., Ltd. CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Xiaomi Technology Co., Ltd. CVE published 2026-02-12

CVE-2026-26214

The Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled, which is the default configuration. This allows a man-in-the-middle attacker to intercept and modify SDK communications to Xiaomi FDS cloud storage endpoints. The vulnerability affects all applications using the SDK with default settings. Developers and users of the G [truncated]