Cross-Site Scripting Vulnerability in PeerTube Video Streaming Platform
CVE-2026-57167

5.1MEDIUM

Key Information:

Vendor

Chocobozzz

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-57167?

PeerTube, an ActivityPub-federated video streaming platform, was affected by a Cross-Site Scripting vulnerability in its server-side-rendered video watch pages. Prior to version 8.2.2, the platform improperly handled video metadata embedded in schema.org JSON-LD blocks, failing to escape certain characters. This oversight allowed attackers to inject arbitrary HTML or JavaScript into the pages, executing code within the user's instance origin when viewing compromised videos. This issue has been addressed in version 8.2.2.

Affected Version(s)

PeerTube < 8.2.2

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.