Skip to content
CVSS 7.3 · HIGH

CVE-2026-7703

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is recommended to address this issue. Upgrading the affected component is advised.

View on NVD

Analysis

This is a specialized media server for professional live events and digital signage. While it allows remote code injection and an exploit is available, the product is highly niche and not used by general web, mobile, or backend developers in the community.

Severity

Score: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-74CWE-94

EPSS

Probability of exploitation (next 30 days): 0.0005 (0.0%)
Percentile: 14.1%
EPSS: 2026-05-06

Technical description

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is recommended to address this issue. Upgrading the affected component is advised.

Published: 5/3/2026, 5:16:13 PM
Last modified: 5/5/2026, 7:13:44 PM

References

HomeEventsBlogResourcesTeam