Description
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.
Published: 2026-04-23
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An unauthenticated attacker can trigger a full remote code execution on any network‑accessible Paperclip instance running in authenticated mode with the default configuration. The vulnerability is achieved through an import authorization bypass that requires a chain of six API calls and no user interaction or credentials. Because the chain is fully automated against the default deployment, an adversary only needs the target’s address, resulting in a high‑impact breach of confidentiality, integrity, and availability. The weakness corresponds to a bypass of authentication and authorization controls (CWE‑287, CWE‑1188, CWE‑862).

Affected Systems

The flaw affects the Paperclip AI platform, specifically paperclipai/server and paperclipai/paperclip services. All releases prior to version 2026.416.0 are vulnerable; the patch is included in the 2026.416.0 release.

Risk and Exploitability

The CVSS score of 10 classifies the scenario as critical, yet the EPSS score is less than 1%, indicating a low probability of seen exploitation at present. The exploit is network‑based and requires no credentials, making it an ideal target for automated attacks. Although the vulnerability is not listed in the CISA KEV catalog, its severity and the fully automated attack vector warrant immediate attention. A successful exploitation would grant the attacker arbitrary code execution on the host running Paperclip.

Generated by OpenCVE AI on April 28, 2026 at 07:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Paperclip to version 2026.416.0 or later to receive the fix for the import authorization bypass.
  • Verify that authentication is enforced for all API endpoints by reviewing the configuration settings and ensuring that the "authenticated" mode is correctly enabled.
  • Restrict network access to the Paperclip API endpoints, for example by applying firewall rules or deploying an API gateway that requires authentication tokens.

Generated by OpenCVE AI on April 28, 2026 at 07:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-68qg-g8mg-6pr7 paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
History

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Paperclip paperclipai/server
Vendors & Products Paperclip paperclipai/server

Mon, 27 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Paperclip
Paperclip paperclipai
Paperclip paperclipai\/server
CPEs cpe:2.3:a:paperclip:paperclipai:*:*:*:*:*:node.js:*:*
cpe:2.3:a:paperclip:paperclipai\/server:*:*:*:*:*:node.js:*:*
Vendors & Products Paperclip
Paperclip paperclipai
Paperclip paperclipai\/server

Thu, 23 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Description Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.
Title Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
Weaknesses CWE-1188
CWE-287
CWE-862
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Paperclip Paperclipai Paperclipai/server Paperclipai\/server
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-23T16:23:25.939Z

Reserved: 2026-04-22T03:53:24.406Z

Link: CVE-2026-41679

cve-icon Vulnrichment

Updated: 2026-04-23T14:39:57.287Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-23T02:16:19.180

Modified: 2026-04-27T14:58:34.110

Link: CVE-2026-41679

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T09:26:29Z

Weaknesses