Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
MiCode FileExplorer's FTP Server Can Be Tricked into Letting Anyone In
CVE-2026-29515
Summary
The FTP server in MiCode FileExplorer can be tricked into allowing anyone to access and modify files without needing a password. This is because of a design flaw that doesn't properly check login credentials. If you use MiCode FileExplorer, update to a secure alternative or replace it with a different file explorer.
Original title
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send...
Original description
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.
nvd CVSS4.0
9.3
Vulnerability type
CWE-303
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026