MEDIUM SeverityCVSS 4.05.3CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

CVE-2026-7704

Last updated May 03, 2026 · Published May 03, 2026

Description

A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3 is sufficient to fix this issue. It is advisable to upgrade the affected component.

Affected products

1 listed

AV Stumpfl:Pixera Two Media Server

Mappings

CWE

CWE-22

CAPEC

None listed.

Research

Path traversal: how to detect and prevent itPath traversal lets attackers read or write files outside intended directories. Normalise paths, resolve them…

Training

Secure File HandlingUploads, storage, and serving files without opening the door to attackers.

CVE-2026-7704

Description

Affected products

Mappings

Related