
Description

MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.

PUBLISHED Reserved 2026-03-04 | Published 2026-03-11 | Updated 2026-03-11 | Assigner VulnCheck




CRITICAL: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-303 Incorrect implementation of authentication algorithm

Product status

Default status: unknown

Any version: affected

Credits

XavLimSG (finder)

VulnCheck (coordinator)

References

github.com/MiCode/FileExplorer (product)

www.vulncheck.com/...rer-swiftp-server-authentication-bypass (third-party-advisory)

cve.org (CVE-2026-29515)

nvd.nist.gov (CVE-2026-29515)
