CVE-2026-7703 MEDIUM

CVE-2026-7703: AV Stumpfl Pixera Two Media Server Websocket API code injection

Vendor Av Stumpfl
Product Pixera Two Media Server
Weakness CWE-94 · Code injection
Published May 3, 2026
Last update May 4, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is recommended to address this issue. Upgrading the affected component is advised.

Key dates

02Disclosure timeline

May 3, 2026 CVE published
May 4, 2026 Record updated