CVE-2026-42601 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins...