CVE-2026-7704 MEDIUM

CVE-2026-7704: AV Stumpfl Pixera Two Media Server Service Port 1338 path traversal

Vendor Av Stumpfl
Product Pixera Two Media Server
Weakness CWE-22 · Path traversal
Published May 3, 2026
Last update May 4, 2026

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3 is sufficient to fix this issue. It is advisable to upgrade the affected component.

Key dates

02Disclosure timeline

May 3, 2026 CVE published
May 4, 2026 Record updated

Related vulnerabilities

04Related CVE