AV Stumpfl Pixera Two Media Server Websocket API Code Injection
A high-severity code injection vulnerability, CVE-2026-7703, has been identified in AV Stumpfl Pixera Two Media Server versions up to 25.2 R2. The National Vulnerability Database reports that the flaw resides within an unspecified function of the Websocket API component. This vulnerability allows for remote code injection, presenting a significant risk to affected systems.
The attack vector is entirely remote, meaning an attacker does not require local access or user interaction to exploit this weakness. The exploit code has been publicly released, raising the urgency for immediate remediation. Given the public availability of exploit details, defenders should assume active exploitation is either underway or imminent. The National Vulnerability Database assigned a CVSS score of 7.3 (High), with a vector indicating network-based attack, low attack complexity, no privileges required, and no user interaction.
Organizations utilizing AV Stumpfl Pixera Two Media Server should prioritize upgrading to version 25.2 R3 immediately. This patch directly addresses the identified code injection flaw. Failure to patch promptly leaves these critical media servers exposed to remote compromise, potentially leading to unauthorized data access, system manipulation, or further network penetration.
What This Means For You
- If your organization uses AV Stumpfl Pixera Two Media Server, you need to check your version numbers right now. Any deployment running 25.2 R2 or earlier is vulnerable to remote code injection via the Websocket API. This isn't theoretical; the exploit is public. You need to upgrade to version 25.2 R3 immediately to close this critical hole.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
AV Stumpfl Pixera Websocket API Code Injection - CVE-2026-7703
title: AV Stumpfl Pixera Websocket API Code Injection - CVE-2026-7703
id: scw-2026-05-03-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-7703 by sending a POST request to the /websocket endpoint with a JSON payload containing a system.exec method call, indicative of a code injection attempt into the AV Stumpfl Pixera Two Media Server Websocket API.
author: SCW Feed Engine (AI-generated)
date: 2026-05-03
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7703/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/websocket'
cs-method|exact:
- 'POST'
cs-uri-query|contains:
- '{"jsonrpc": "2.0", "method": "system.exec", "params": ["'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7703 | Code Injection | AV Stumpfl Pixera Two Media Server up to 25.2 R2 |
| CVE-2026-7703 | Code Injection | Websocket API component in AV Stumpfl Pixera Two Media Server |
| CVE-2026-7703 | Code Injection | Upgrade AV Stumpfl Pixera Two Media Server to version 25.2 R3 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 03, 2026 at 20:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7704 — AV Stumpfl Pixera Two Media Server Path Traversal
CVE-2026-7704 — A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function...
CVE-2026-7702 — Toeverything AFFiNE Vulnerability
CVE-2026-7702 — A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component...
CVE-2026-7701 — Telegram Desktop Null Pointer Dereference
CVE-2026-7701 — A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of...