CVE-2026-7704 | THREATINT

Home

Description

A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3 is sufficient to fix this issue. It is advisable to upgrade the affected component.

PUBLISHED Reserved 2026-05-02 | Published 2026-05-03 | Updated 2026-05-03 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

MEDIUM: 4.3CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

MEDIUM: 4.3CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

3.3AV:A/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C

Problem types

Path Traversal

Product status

25.1 R2
affected

25.2 R3
unaffected

Timeline

2026-05-02:	Advisory disclosed
2026-05-02:	VulDB entry created
2026-05-02:	VulDB entry last update

Credits

trebledj (VulDB User) reporter

References

vuldb.com/vuln/360873 (VDB-360873 | AV Stumpfl Pixera Two Media Server Service Port 1338 path traversal) vdb-entry

vuldb.com/vuln/360873/cti (VDB-360873 | CTI Indicators (IOB, IOC, TTP)) signature permissions-required

vuldb.com/submit/805275 (Submit #805275 | AV Stumpfl Pixera Two Media Server < 25.2 R3 Arbitrary File Read) third-party-advisory

gist.github.com/TrebledJ/585a20525e45549f299d282233632608 exploit

help.pixera.one/…n-overviews/pixera-252-overview-changelog patch release-notes

cve.org (CVE-2026-7704)

nvd.nist.gov (CVE-2026-7704)

Download JSON