{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7703", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-05-02T20:40:52.806Z", "datePublished": "2026-05-03T16:15:11.382Z", "dateUpdated": "2026-05-04T17:50:37.518Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-03T16:15:11.382Z"}, "title": "AV Stumpfl Pixera Two Media Server Websocket API code injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "AV Stumpfl", "product": "Pixera Two Media Server", "versions": [{"version": "25.2 R2", "status": "affected"}, {"version": "25.2 R3", "status": "unaffected"}], "modules": ["Websocket API"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is recommended to address this issue. Upgrading the affected component is advised."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-05-02T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-05-02T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-05-02T22:46:01.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "trebledj (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/360872", "name": "VDB-360872 | AV Stumpfl Pixera Two Media Server Websocket API code injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/360872/cti", "name": "VDB-360872 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/805274", "name": "Submit #805274 | AV Stumpfl Pixera Two Media Server < 25.2 R3 Remote Code Execution", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/TrebledJ/585a20525e45549f299d282233632608", "tags": ["exploit"]}, {"url": "https://help.pixera.one/changelogs-version-overviews/pixera-252-overview-changelog", "tags": ["patch", "release-notes"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-04T16:25:42.835492Z", "id": "CVE-2026-7703", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T17:50:37.518Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7703", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-04T16:25:42.835492Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T16:25:50.566Z"}}], "cna": {"title": "AV Stumpfl Pixera Two Media Server Websocket API code injection", "credits": [{"lang": "en", "type": "reporter", "value": "trebledj (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "AV Stumpfl", "modules": ["Websocket API"], "product": "Pixera Two Media Server", "versions": [{"status": "affected", "version": "25.2 R2"}, {"status": "unaffected", "version": "25.2 R3"}]}], "timeline": [{"lang": "en", "time": "2026-05-02T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-05-02T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-05-02T22:46:01.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/360872", "name": "VDB-360872 | AV Stumpfl Pixera Two Media Server Websocket API code injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/360872/cti", "name": "VDB-360872 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/805274", "name": "Submit #805274 | AV Stumpfl Pixera Two Media Server < 25.2 R3 Remote Code Execution", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/TrebledJ/585a20525e45549f299d282233632608", "tags": ["exploit"]}, {"url": "https://help.pixera.one/changelogs-version-overviews/pixera-252-overview-changelog", "tags": ["patch", "release-notes"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is recommended to address this issue. Upgrading the affected component is advised."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-03T16:15:11.382Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7703", "state": "PUBLISHED", "dateUpdated": "2026-05-04T17:50:37.518Z", "dateReserved": "2026-05-02T20:40:52.806Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-05-03T16:15:11.382Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is recommended to address this issue. Upgrading the affected component is advised."}], "id": "CVE-2026-7703", "lastModified": "2026-05-03T17:16:13.393", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-05-03T17:16:13.393", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/TrebledJ/585a20525e45549f299d282233632608"}, {"source": "cna@vuldb.com", "url": "https://help.pixera.one/changelogs-version-overviews/pixera-252-overview-changelog"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/805274"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/360872"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/360872/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "25.2 R2"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "25.2 R3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Pixera Two Media Server", "source": "cna", "vendor": "AV Stumpfl"}, "product": "pixera_two_media_server", "vendor": "av_stumpfl"}], "created": "2026-05-03T18:00:12.165421+00:00", "updated": "2026-05-04T16:06:24.201207+00:00", "vendors": ["av_stumpfl", "av_stumpfl$PRODUCT$pixera_two_media_server"]}