Which versions of Pixera Two Media Server are affected by CVE-2026-7703?

AV Stumpfl Pixera Two Media Server versions 25.2 R2 and earlier contain a critical code injection vulnerability in the WebSocket API that allows unauthenticated attackers to execute arbitrary code…. A patch is available.

Is there a public PoC exploit available for CVE-2026-7703?

Yes, a public proof-of-concept exploit is available for CVE-2026-7703. Prioritise patching immediately. EPSS: 0.0%.

Pixera Two Media Server CVE-2026-7703

Q: What is the CVSS score of CVE-2026-7703?

CVE-2026-7703 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-26841 MEDIUM

Code Injection (CWE-94)

2026-05-03 VulDB

RCE Code Injection

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 03, 2026 - 17:22 NVD

HIGH MEDIUM

CVSS changed

May 03, 2026 - 17:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

PoC Detected

May 03, 2026 - 17:16 vuln.today

Public exploit code

Analysis Generated

May 03, 2026 - 17:00 vuln.today

EUVD ID Assigned

May 03, 2026 - 16:30 euvd

EUVD-2026-26841

Analysis Generated

May 03, 2026 - 16:30 vuln.today

Patch released

May 03, 2026 - 16:30 nvd

Patch available

CVE Published

May 03, 2026 - 16:15 nvd

MEDIUM 5.5

DescriptionNVD

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is recommended to address this issue. Upgrading the affected component is advised.

AnalysisAI

Code injection via Websocket API in AV Stumpfl Pixera Two Media Server ≤25.2 R2 allows unauthenticated remote attackers to execute arbitrary code with low complexity. Publicly available exploit code (GitHub Gist) enables network-based compromise with partial impact to confidentiality, integrity, and availability (CVSS:3.1/C:L/I:L/A:L). …

RemediationAI

Within 24 hours: Identify all instances of Pixera Two Media Server in production and verify current version. Within 7 days: Apply vendor-released patch version 25.2 R3 to all affected systems; if immediate patching is not feasible, implement network segmentation to restrict WebSocket API access to trusted management networks only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7703 vulnerability details – vuln.today

Back

Pixera Two Media Server CVE-2026-7703

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Pixera Two Media Server CVE-2026-7703

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code