CVE-2026-29515

MiCode FileExplorer - Auth Bypass

Title source: llm

Description

MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.

References (2)

[Various Sources] https://github.com/MiCode/FileExplorer

View Writeup ZIP pw:eip

[Third Party Advisory] https://www.vulncheck.com/advisories/micode-fileexplorer-swiftp-server-authentication-bypass

Scores

EPSS 0.0007

EPSS Percentile 20.7%

Classification

CWE

CWE-303

Status draft

Timeline

Published Mar 11, 2026

Tracked Since Mar 11, 2026