PatchSiren

ArchiveBox CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL | ArchiveBox CVE | published 2026-05-09

CVE-2026-42601

CVE-2026-42601 is a critical ArchiveBox vulnerability affecting versions 0.8.6rc0 and earlier. According to the published advisory text, the /add/ endpoint accepts a config JSON field that is merged into the crawl configuration without validation. That configuration is then exported as environment variables when archive plugins run, creating an argument-injection path that can be abused to achieve remote [truncated]