{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7704", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-05-02T20:40:55.929Z", "datePublished": "2026-05-03T16:45:11.320Z", "dateUpdated": "2026-05-04T13:04:27.977Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-03T16:45:11.320Z"}, "title": "AV Stumpfl Pixera Two Media Server Service Port 1338 path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "AV Stumpfl", "product": "Pixera Two Media Server", "versions": [{"version": "25.1 R2", "status": "affected"}, {"version": "25.2 R3", "status": "unaffected"}], "modules": ["Service Port 1338"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3 is sufficient to fix this issue. It is advisable to upgrade the affected component."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-05-02T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-05-02T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-05-02T22:46:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "trebledj (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/360873", "name": "VDB-360873 | AV Stumpfl Pixera Two Media Server Service Port 1338 path traversal", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/360873/cti", "name": "VDB-360873 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/805275", "name": "Submit #805275 | AV Stumpfl Pixera Two Media Server < 25.2 R3 Arbitrary File Read", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/TrebledJ/585a20525e45549f299d282233632608", "tags": ["exploit"]}, {"url": "https://help.pixera.one/changelogs-version-overviews/pixera-252-overview-changelog", "tags": ["patch", "release-notes"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-04T13:04:19.593806Z", "id": "CVE-2026-7704", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T13:04:27.977Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "AV Stumpfl Pixera Two Media Server Service Port 1338 path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "trebledj (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "AV Stumpfl", "modules": ["Service Port 1338"], "product": "Pixera Two Media Server", "versions": [{"status": "affected", "version": "25.1 R2"}, {"status": "unaffected", "version": "25.2 R3"}]}], "timeline": [{"lang": "en", "time": "2026-05-02T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-05-02T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-05-02T22:46:04.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/360873", "name": "VDB-360873 | AV Stumpfl Pixera Two Media Server Service Port 1338 path traversal", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/360873/cti", "name": "VDB-360873 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/805275", "name": "Submit #805275 | AV Stumpfl Pixera Two Media Server < 25.2 R3 Arbitrary File Read", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/TrebledJ/585a20525e45549f299d282233632608", "tags": ["exploit"]}, {"url": "https://help.pixera.one/changelogs-version-overviews/pixera-252-overview-changelog", "tags": ["patch", "release-notes"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3 is sufficient to fix this issue. It is advisable to upgrade the affected component."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-03T16:45:11.320Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7704", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-04T13:04:19.593806Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-05-04T13:04:24.215Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-7704", "state": "PUBLISHED", "dateUpdated": "2026-05-03T16:45:11.320Z", "dateReserved": "2026-05-02T20:40:55.929Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-05-03T16:45:11.320Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3 is sufficient to fix this issue. It is advisable to upgrade the affected component."}], "id": "CVE-2026-7704", "lastModified": "2026-05-03T17:16:13.580", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-05-03T17:16:13.580", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/TrebledJ/585a20525e45549f299d282233632608"}, {"source": "cna@vuldb.com", "url": "https://help.pixera.one/changelogs-version-overviews/pixera-252-overview-changelog"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/805275"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/360873"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/360873/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "25.1 R2"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "25.2 R3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Pixera Two Media Server", "source": "cna", "vendor": "AV Stumpfl"}, "product": "pixera_two_media_server", "vendor": "av_stumpfl"}], "created": "2026-05-03T18:30:27.045844+00:00", "updated": "2026-05-04T16:06:22.944961+00:00", "vendors": ["av_stumpfl", "av_stumpfl$PRODUCT$pixera_two_media_server"]}