13 May 2026
Communication and Collaboration
ArchiveBox: RCE via Unvalidated Config Overrides in AddView
In ArchiveBox versions 0.8.6rc0 and prior, a critical-severity vulnerability, CVE-2026-42601, was detected. It allows attackers to achieve Remote Code Execution (RCE) by injecting arbitrary tool arguments. This occurs because the /add/ endpoint accepts a config JSON field that is merged into the crawl configuration without validation and exported as environment variables when archive plugins run. At the time of publication, there are no publicly available patches; users should monitor for updates or apply appropriate mitigations. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42601.
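The missing control is validation of the request-supplied config before the merge. The sketch below is an added example, not ArchiveBox code or an official fix: it allowlists override keys and fails closed on anything else. The key names, limits and function names are assumptions made for illustration.

```python
import json
import re

# Hypothetical allowlist for this example: key names and limits are assumptions,
# not ArchiveBox's real configuration schema.
ALLOWED_OVERRIDES = {
    "TIMEOUT": lambda v: type(v) is int and 1 <= v <= 3600,
    "SAVE_SCREENSHOT": lambda v: type(v) is bool,
    "RESOLUTION": lambda v: type(v) is str and re.fullmatch(r"\d{3,5},\d{3,5}", v) is not None,
}


class ConfigOverrideError(ValueError):
    """Raised when a request-supplied config override is refused."""


def validate_overrides(raw_json: str) -> dict:
    """Parse the request's config JSON and keep it only if every key is
    allowlisted and every value passes that key's check."""
    if not raw_json.strip():
        return {}
    try:
        data = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        raise ConfigOverrideError("config is not valid JSON") from exc
    if not isinstance(data, dict):
        raise ConfigOverrideError("config must be a JSON object")
    rejected = sorted(
        key for key, value in data.items()
        if key not in ALLOWED_OVERRIDES or not ALLOWED_OVERRIDES[key](value)
    )
    if rejected:
        # Fail closed: refuse the whole request rather than dropping keys silently.
        raise ConfigOverrideError(f"rejected config keys: {rejected}")
    return data


def merge_crawl_config(base: dict, raw_json: str) -> dict:
    """Merge validated overrides over server-side defaults. Settings that are not
    on the allowlist, such as tool arguments, can only come from `base`."""
    return {**base, **validate_overrides(raw_json)}


if __name__ == "__main__":
    # Constructed sample values.
    base = {"TIMEOUT": 60, "EXAMPLE_TOOL_ARGS": ["--quiet"]}
    print(merge_crawl_config(base, '{"TIMEOUT": 120}'))
    try:
        merge_crawl_config(base, '{"EXAMPLE_TOOL_ARGS": ["--other"]}')
    except ConfigOverrideError as err:
        print("refused:", err)
```

Because the check runs before the merge, a refused key never reaches the configuration that is later exported to the plugin environment.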