If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised.

Reply to If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. on Sat, 23 May 2026 22:15:46 GMT

jgg@qoto.org — Sat, 23 May 2026 22:15:46 GMT

At this time and age, an SQL injection vulnerability is a clear proof of sloppiness, unless the vulnerability is in the data access library they are using, of course.

There are so many ways to access a database that make impossible that kind of attack that there is no excuse.
It is not something weird or complex; even PHP official documentation explains clearly how to avoid them when they explain how to access a DB.

Let's hope they have learned their lesson and they change all their DB code according to best practices.

We are in 2026, for God's sake.

Reply to If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. on Sat, 23 May 2026 20:05:00 GMT

milkytwix@social.tchncs.de — Sat, 23 May 2026 20:05:00 GMT

@jerry does this affect tchncs @milan ?

Reply to If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. on Sat, 23 May 2026 16:23:15 GMT

cthos@mastodon.cthos.dev — Sat, 23 May 2026 16:23:15 GMT

@Jerry@hear-me.social @jerry@infosec.exchange Same... and now it's time for coffee.

Reply to If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. on Sat, 23 May 2026 16:01:59 GMT

tunafishtiger@mastodon.online — Sat, 23 May 2026 16:01:59 GMT

@jerry @lety

Reply to If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. on Sat, 23 May 2026 15:32:09 GMT

almonds@mastodon.mit.edu — Sat, 23 May 2026 15:32:09 GMT

@jerry I wonder if someone can design a SQL injection to update instances, for the users who are having trouble contacting their instance maintainers

Reply to If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. on Sat, 23 May 2026 14:17:25 GMT

aspragg@ohai.social — Sat, 23 May 2026 14:17:25 GMT

@jerry If you've been compromised, will a patch really clean things up? I thought the general wisdom was that you should nuke the site from orbit and perform a clean OS install + restore from backups?

Reply to If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. on Sat, 23 May 2026 14:15:03 GMT

jawnsy@mastodon.social — Sat, 23 May 2026 14:15:03 GMT

@jerry Impressive release with detections and mitigations in the notes. The team did well responding to it.

Reply to If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. on Sat, 23 May 2026 13:55:27 GMT

jerry@hear-me.social — Sat, 23 May 2026 13:55:27 GMT

@jerry@infosec.exchange It was quite a thing to wake up to this morning. I upgraded my instance before I even had my coffee.

Reply to If you run a peertube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. on Sat, 23 May 2026 13:34:15 GMT

jerry@infosec.exchange — Sat, 23 May 2026 13:34:15 GMT

Also, hat tip to the peertube developers for being so responsive.