CNNVD-202602-2118 Information

Feb 12, 2026 cve

CNNVD ID

CNNVD-202602-2118

CVE-2026-26214

CNNVD Published: 2026-02-12

Description (Chinese)

galaxy-fds-sdk-android是Xiaomi开源的一个用于小米文件数据存储的开发者工具包。 galaxy-fds-sdk-android 3.0.8及之前版本存在安全漏洞，该漏洞源于启用HTTPS时禁用TLS主机名验证，可能导致中间人攻击者拦截和修改通信，暴露身份验证凭据和文件内容。

Description (English)

Galaxy-fds-sdk-android is a developer tool kit for the storage of millimetre file data from Xiaomi open source. Galaxy-fds-sdk-android 3.0.8 and earlier versions had a security loophole, stemming from the ban on TLS hostnames when HTTPS was activated, which could lead to the interception and modification of communications by middlemen and the exposure of identification certificates and documents.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

小米

Published

2026-02-12

Last Modified

2026-02-24

References

https://github.com/XiaoMi/galaxy-fds-sdk-android https://www.vulncheck.com/advisories/xiaomi-galaxy-fds-android-sdk-tls-hostname-verification-disabled-enables-mitm https://access.redhat.com/security/cve/cve-2026-26214

Share on: