CVE-2026-7703

HIGH

AV Stumpfl Pixera Two Media Server Websocket API code injection

Title source: cna

Description

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is recommended to address this issue. Upgrading the affected component is advised.

References (5)

Core 5

Core References

Vdb Entry vdb-entry

VDB-360872 | AV Stumpfl Pixera Two Media Server Websocket API code injection

https://vuldb.com/vuln/360872

Signature, Permissions Required signature permissions-required

VDB-360872 | CTI Indicators (IOB, IOC, TTP)

https://vuldb.com/vuln/360872/cti

Third Party Advisory third-party-advisory

Submit #805274 | AV Stumpfl Pixera Two Media Server < 25.2 R3 Remote Code Execution

https://vuldb.com/submit/805274

Exploit exploit

https://gist.github.com/TrebledJ/585a20525e45549f299d282233632608

Patch patch release-notes

https://help.pixera.one/changelogs-version-overviews/pixera-252-overview-changelog

Scores

CVSS v3 7.3

EPSS 0.0005

EPSS Percentile 14.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-74 CWE-94

Status published

Products (2)

AV Stumpfl/Pixera Two Media Server 25.2 R2

AV Stumpfl/Pixera Two Media Server 25.2 R3

Published May 03, 2026

Tracked Since May 03, 2026