NVD Vulnerability Detail
Search Exploit, PoC
CVE-2026-57167
Summary

PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence that closes a script element to inject arbitrary HTML or JavaScript that executes in the instance origin for visitors to the attacker's videos. This issue is fixed in version 8.2.2.

Publication Date July 11, 2026, 2:17 a.m.
Registration Date July 11, 2026, 4:16 a.m.
Last Update July 11, 2026, 3:56 a.m.
Related information, measures and tools
Common Vulnerabilities List