CVE-2026-7703 | THREATINT

Home

Description

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is recommended to address this issue. Upgrading the affected component is advised.

PUBLISHED Reserved 2026-05-02 | Published 2026-05-03 | Updated 2026-05-03 | Assigner VulDB

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

HIGH: 7.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

7.5AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Problem types

Code Injection

Injection

Product status

25.2 R2
affected

25.2 R3
unaffected

Timeline

2026-05-02:	Advisory disclosed
2026-05-02:	VulDB entry created
2026-05-02:	VulDB entry last update

Credits

trebledj (VulDB User) reporter

References

vuldb.com/vuln/360872 (VDB-360872 | AV Stumpfl Pixera Two Media Server Websocket API code injection) vdb-entry

vuldb.com/vuln/360872/cti (VDB-360872 | CTI Indicators (IOB, IOC, TTP)) signature permissions-required

vuldb.com/submit/805274 (Submit #805274 | AV Stumpfl Pixera Two Media Server < 25.2 R3 Remote Code Execution) third-party-advisory

gist.github.com/TrebledJ/585a20525e45549f299d282233632608 exploit

help.pixera.one/…n-overviews/pixera-252-overview-changelog patch release-notes

cve.org (CVE-2026-7703)

nvd.nist.gov (CVE-2026-7703)

Download JSON