CVE-2026-7703
Published: 03 May 2026
Summary
CVE-2026-7703 is a high-severity Injection (CWE-74) vulnerability in Pixera Two Media (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 19.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates CVE-2026-7703 by requiring timely application of the vendor-recommended upgrade to version 25.2 R3, eliminating the code injection flaw in the Websocket API.
Prevents code injection exploitation by enforcing validation of all inputs to the vulnerable Websocket API function, addressing CWE-74 and CWE-94 root causes.
Identifies the presence of CVE-2026-7703 in deployed Pixera Media Server instances through regular vulnerability scanning, enabling proactive remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated code injection in exposed Websocket API enables T1190 (Exploit Public-Facing Application) for initial access and directly facilitates T1059 (Command and Scripting Interpreter) via arbitrary code execution.
NVD Description
A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is recommended to address this issue. Upgrading the affected component is advised.
Deeper analysis
CVE-2026-7703 is a code injection vulnerability affecting AV Stumpfl Pixera Two Media Server versions up to 25.2 R2. The flaw resides in an unknown function within the Websocket API component, allowing remote attackers to manipulate inputs and inject code. It is classified under CWE-74 (injection) and CWE-94 (code injection), with a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites.
Attackers can exploit this vulnerability remotely without authentication or user interaction, targeting systems exposing the Websocket API over the network. Successful exploitation enables limited impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution within the context of the media server. An exploit has been publicly disclosed, increasing the risk of immediate abuse.
Advisories recommend upgrading to version 25.2 R3 to mitigate the issue, as detailed in the Pixera changelog. Additional resources from VulDB and a GitHub Gist provide further vulnerability details, submission records, and the exploit code itself.
The published exploit heightens the urgency for patching, as it may already be in use against exposed instances of this media server software.
Details
- CWE(s)