CRITICAL
Xiaomi Technology Co., Ltd.
CVE published 2026-02-12
CVE-2026-26214
The Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled, which is the default configuration. This allows a man-in-the-middle attacker to intercept and modify SDK communications to Xiaomi FDS cloud storage endpoints. The vulnerability affects all applications using the SDK with default settings. Developers and users of the G [truncated]