CVE-2026-29515
Authentication Bypass in MiCode FileExplorer SwiFTP Enables Unauthorized FTP Access
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| micode | fileexplorer | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-303 | The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29515 is an authentication bypass vulnerability in the MiCode FileExplorer application, specifically in its embedded SwiFTP FTP server component.
This flaw allows remote attackers to bypass the normal login process by sending arbitrary username and password combinations to the PASS command handler, which incorrectly grants access without validating credentials.
As a result, attackers can gain unauthorized access to the FTP server and perform operations such as listing, reading, writing, and deleting files exposed by the server.
How can this vulnerability impact me? :
This vulnerability can have severe impacts because it allows attackers to gain unauthorized access to files on the affected FTP server without any valid credentials.
- Attackers can list files, potentially exposing sensitive information.
- They can read confidential data stored on the server.
- They can write or upload malicious files, potentially compromising the system further.
- They can delete important files, causing data loss or disruption.
Because the vulnerability requires no privileges or user interaction and has a low attack complexity, it poses a high risk to confidentiality and integrity of data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to authenticate to the embedded SwiFTP FTP server component of MiCode FileExplorer using arbitrary username and password combinations. If the server grants access without validating credentials, it indicates the presence of the authentication bypass.
A practical detection method is to connect to the FTP server and send PASS commands with arbitrary credentials to see if access is granted.
- Use an FTP client or command line tool to connect to the FTP server on the target system.
- Attempt to log in with random usernames and passwords, for example using the command: ftp <target-ip>
- At the username prompt, enter any username.
- At the password prompt, enter any password.
- If login is successful despite invalid credentials, the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
Since the MiCode FileExplorer project is no longer supported and the vulnerability remains unpatched, immediate mitigation steps should focus on limiting exposure.
- Disable or block access to the embedded SwiFTP FTP server component on affected systems to prevent unauthorized access.
- Restrict network access to the FTP server by using firewall rules to block incoming connections on the FTP port.
- Monitor network traffic for unauthorized FTP access attempts.
- Consider removing or replacing the MiCode FileExplorer application with a supported alternative that does not contain this vulnerability.