CVE-2026-7703
Deferred Deferred - Pending Action
Code Injection in AV Stumpfl Pixera Two Media Server

Publication date: 2026-05-03

Last updated on: 2026-05-05

Assigner: VulDB

Description
A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is recommended to address this issue. Upgrading the affected component is advised.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-03
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7703
EUVD
EUVD-2026-26841
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
av_stumpfl pixera_two_media_server to 25.2 R2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a flaw found in AV Stumpfl Pixera Two Media Server up to version 25.2 R2, specifically in an unknown function of the Websocket API component. It allows an attacker to perform code injection remotely, meaning malicious code can be inserted and executed on the affected system without physical access.

Impact Analysis

The vulnerability can lead to remote code execution on the affected media server, potentially allowing attackers to take control of the system, manipulate data, disrupt services, or use the compromised system as a foothold for further attacks.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to upgrade AV Stumpfl Pixera Two Media Server to version 25.2 R3.

Upgrading the affected component is advised to address the code injection flaw in the Websocket API.

Compliance Impact

The vulnerability allows remote code execution and arbitrary file read on the AV Stumpfl Pixera Two Media Server, potentially leading to unauthorized access to sensitive data and system compromise.

Such unauthorized access and potential data exposure could impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

However, the provided information does not explicitly discuss the direct impact of this vulnerability on compliance with these standards or any regulatory requirements.

Detection Guidance

The vulnerability involves a Remote Code Execution flaw via the default-configured websocket API on port 1338 of AV Stumpfl Pixera Two Media Server versions prior to 25.2 R3.

To detect this vulnerability on your network or system, you can check if the websocket API on port 1338 is accessible and accepting connections without authentication.

A simple network scan command to check if port 1338 is open on the target server could be:

  • nmap -p 1338 <target-ip>

If the port is open, you may attempt to interact with the websocket API to verify if it is vulnerable. However, since the vulnerability allows unauthenticated remote code execution, any unexpected or unauthorized responses or behaviors from the websocket API on port 1338 could indicate the presence of the flaw.

It is recommended to upgrade to version 25.2 R3 which patches this vulnerability and to apply strict IP whitelisting to restrict access to the API.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7703. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart