CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42601

ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. At time of publication, there are no publicly available patches.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.3%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2026-42601

Archivebox » Archivebox » Version: N/A

cpe:2.3:a:archivebox:archivebox:-
Archivebox » Archivebox » Version: 0.0.1

cpe:2.3:a:archivebox:archivebox:0.0.1
Archivebox » Archivebox » Version: 0.0.2

cpe:2.3:a:archivebox:archivebox:0.0.2
Archivebox » Archivebox » Version: 0.0.3

cpe:2.3:a:archivebox:archivebox:0.0.3
Archivebox » Archivebox » Version: 0.1.0

cpe:2.3:a:archivebox:archivebox:0.1.0
Archivebox » Archivebox » Version: 0.2.0

cpe:2.3:a:archivebox:archivebox:0.2.0
Archivebox » Archivebox » Version: 0.2.1

cpe:2.3:a:archivebox:archivebox:0.2.1
Archivebox » Archivebox » Version: 0.2.2

cpe:2.3:a:archivebox:archivebox:0.2.2
Archivebox » Archivebox » Version: 0.2.3

cpe:2.3:a:archivebox:archivebox:0.2.3
Archivebox » Archivebox » Version: 0.2.4

cpe:2.3:a:archivebox:archivebox:0.2.4
Archivebox » Archivebox » Version: 0.4.11

cpe:2.3:a:archivebox:archivebox:0.4.11
Archivebox » Archivebox » Version: 0.4.12

cpe:2.3:a:archivebox:archivebox:0.4.12
Archivebox » Archivebox » Version: 0.4.13

cpe:2.3:a:archivebox:archivebox:0.4.13
Archivebox » Archivebox » Version: 0.4.14

cpe:2.3:a:archivebox:archivebox:0.4.14
Archivebox » Archivebox » Version: 0.4.15

cpe:2.3:a:archivebox:archivebox:0.4.15
Archivebox » Archivebox » Version: 0.4.16

cpe:2.3:a:archivebox:archivebox:0.4.16
Archivebox » Archivebox » Version: 0.4.17

cpe:2.3:a:archivebox:archivebox:0.4.17
Archivebox » Archivebox » Version: 0.4.18

cpe:2.3:a:archivebox:archivebox:0.4.18
Archivebox » Archivebox » Version: 0.4.19

cpe:2.3:a:archivebox:archivebox:0.4.19
Archivebox » Archivebox » Version: 0.4.20

cpe:2.3:a:archivebox:archivebox:0.4.20
Archivebox » Archivebox » Version: 0.4.21

cpe:2.3:a:archivebox:archivebox:0.4.21
Archivebox » Archivebox » Version: 0.4.24

cpe:2.3:a:archivebox:archivebox:0.4.24
Archivebox » Archivebox » Version: 0.4.9

cpe:2.3:a:archivebox:archivebox:0.4.9
Archivebox » Archivebox » Version: 0.5.3

cpe:2.3:a:archivebox:archivebox:0.5.3
Archivebox » Archivebox » Version: 0.5.4

cpe:2.3:a:archivebox:archivebox:0.5.4
Archivebox » Archivebox » Version: 0.5.6

cpe:2.3:a:archivebox:archivebox:0.5.6
Archivebox » Archivebox » Version: 0.6.0

cpe:2.3:a:archivebox:archivebox:0.6.0
Archivebox » Archivebox » Version: 0.6.2

cpe:2.3:a:archivebox:archivebox:0.6.2
Archivebox » Archivebox » Version: 0.7.0

cpe:2.3:a:archivebox:archivebox:0.7.0
Archivebox » Archivebox » Version: 0.7.1

cpe:2.3:a:archivebox:archivebox:0.7.1
Archivebox » Archivebox » Version: 0.7.2

cpe:2.3:a:archivebox:archivebox:0.7.2
Archivebox » Archivebox » Version: 0.7.3

cpe:2.3:a:archivebox:archivebox:0.7.3
Archivebox » Archivebox » Version: 0.8.0

cpe:2.3:a:archivebox:archivebox:0.8.0
Archivebox » Archivebox » Version: 0.8.2

cpe:2.3:a:archivebox:archivebox:0.8.2
Archivebox » Archivebox » Version: 0.8.3

cpe:2.3:a:archivebox:archivebox:0.8.3
Archivebox » Archivebox » Version: 0.8.4

cpe:2.3:a:archivebox:archivebox:0.8.4
Archivebox » Archivebox » Version: 0.8.5

cpe:2.3:a:archivebox:archivebox:0.8.5
Archivebox » Archivebox » Version: 0.8.6

cpe:2.3:a:archivebox:archivebox:0.8.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42601

Products

Pricing

Contact Us