CVE-2026-41679

Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

CVSS 10 CRITICAL | EPSS 2.0% | CWE-1188, CWE-287, CWE-862
In short

Paperclip, a Node.js server that runs AI agents, has a critical flaw that lets attackers execute arbitrary code on the server remotely without logging in. An attacker only needs the server's address to take complete control.

Technical detail

An unauthenticated attacker can chain six API calls to bypass authorization checks (CWE-287, CWE-862) and achieve unauthenticated remote code execution (CWE-1188) on default-configured Paperclip instances. The vulnerability requires network access but no credentials or user interaction, enabling full system compromise on vulnerable deployments.

Summary generated and translated by AI from the official description.
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls, is fully automated, and works against the default deployment configuration. Version 2026.416.0 patches the issue.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
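Two defensive checks follow from the advisory: triage (is a reported Paperclip version at or before the vulnerable range, i.e. below the fixed release 2026.416.0?) and the structural fix for a missing-authorization bug (CWE-862), a default-deny gate where every route requires a valid session unless it is explicitly allow-listed. The block below is an added example written for this page, not Paperclip's own code; the route names (`/api/health`, `/api/auth/login`, `/api/import`), the session shape, and the sample requests are all assumptions constructed for illustration.

```javascript
// Added example, not Paperclip's code. Assumed route names and session shape.

const FIXED_VERSION = '2026.416.0'; // fixed release named in the advisory

// Parse a calendar-style "YYYY.NNN.P" version into three integers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric, component-wise comparison (string comparison would misorder
// "2026.99.0" against "2026.416.0").
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when the running version predates the fix.
function isVulnerableVersion(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Routes reachable without a session (assumed names). Everything not
// listed here is denied unless a valid session is present.
const PUBLIC_ROUTES = new Set(['GET /api/health', 'POST /api/auth/login']);

// Default-deny authorization gate. Because the default is "deny", a route
// such as an import endpoint that forgets its own check is still protected.
function authorize(req, nowMs = Date.now()) {
  const key = `${req.method.toUpperCase()} ${req.path}`;
  if (PUBLIC_ROUTES.has(key)) return { allowed: true, reason: 'public route' };
  const s = req.session;
  if (!s || typeof s.userId !== 'string' || s.userId === '') {
    return { allowed: false, reason: 'no session' };
  }
  if (typeof s.expiresAt !== 'number' || s.expiresAt <= nowMs) {
    return { allowed: false, reason: 'session expired' };
  }
  return { allowed: true, reason: `user ${s.userId}` };
}

// Constructed sample requests (not captured from any real instance).
const SAMPLE_REQUESTS = [
  { method: 'GET', path: '/api/health' },                                   // public
  { method: 'POST', path: '/api/import' },                                  // no session
  { method: 'POST', path: '/api/import', session: { userId: 'u1', expiresAt: 0 } },    // expired
  { method: 'POST', path: '/api/import', session: { userId: 'u1', expiresAt: 5000 } }, // valid
];

// Returns the allow/deny decision for each sample at a fixed clock value.
function runSamples(nowMs = 1000) {
  return SAMPLE_REQUESTS.map((r) => authorize(r, nowMs).allowed);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('2026.415.0 vulnerable:', isVulnerableVersion('2026.415.0'));
  console.log('2026.416.0 vulnerable:', isVulnerableVersion('2026.416.0'));
  console.log('sample decisions:', runSamples());
}
```

The gate is meant to sit in front of every handler (for example as the first middleware in an Express app), so authorization is decided once, centrally, rather than per route; that is the property an import endpoint lacks when a chain of calls can reach it without credentials.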
