CVE-2026-7704

MEDIUM

AV Stumpfl Pixera Two Media Server Service Port 1338 path traversal

Title source: cna

Description

A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3 is sufficient to fix this issue. It is advisable to upgrade the affected component.

References (5)

Core 5

Core References

Vdb Entry vdb-entry

VDB-360873 | AV Stumpfl Pixera Two Media Server Service Port 1338 path traversal

https://vuldb.com/vuln/360873

Signature, Permissions Required signature permissions-required

VDB-360873 | CTI Indicators (IOB, IOC, TTP)

https://vuldb.com/vuln/360873/cti

Third Party Advisory third-party-advisory

Submit #805275 | AV Stumpfl Pixera Two Media Server < 25.2 R3 Arbitrary File Read

https://vuldb.com/submit/805275

Exploit exploit

https://gist.github.com/TrebledJ/585a20525e45549f299d282233632608

Patch patch release-notes

https://help.pixera.one/changelogs-version-overviews/pixera-252-overview-changelog

Scores

CVSS v3 4.3

EPSS 0.0002

EPSS Percentile 4.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

AV Stumpfl/Pixera Two Media Server 25.1 R2

AV Stumpfl/Pixera Two Media Server 25.2 R3

Published May 03, 2026

Tracked Since May 03, 2026