Code Injection Vulnerability in AV Stumpfl Pixera Two Media Server
CVE-2026-7703

6.9MEDIUM

Key Information:

Vendor: Av Stumpfl
Status: Pixera Two Media Server
Vendor: CVE Published:; 3 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-7703?

A code injection vulnerability has been identified in the AV Stumpfl Pixera Two Media Server, specifically within the Websocket API component. This flaw allows for remote code execution through exploitation of an unspecified function, which could potentially lead to severe security breaches. Users are advised to upgrade to version 25.2 R3 to eliminate this risk and secure their systems.

Affected Version(s)

Pixera Two Media Server 25.2 R2

Pixera Two Media Server 25.2 R3

References

https://vuldb.com/vuln/360872

vdb-entry

https://vuldb.com/vuln/360872/cti

signaturepermissions-required

https://vuldb.com/submit/805274

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 3, 2026
👾
Exploit known to exist
May 3, 2026
Vulnerability published
May 3, 2026
Vulnerability Reserved
May 2, 2026

Credit

trebledj (VulDB User)

CVE-2026-7703 Data

JSON

Av Stumpfl