Cyber Posture

CVE-2026-41679

Critical · Public PoC

Published: 23 April 2026

Modified: 27 April 2026
KEV Added
Patch
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0052 (67.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Enforces approved authorizations for all access attempts, directly mitigating the improper authentication (CWE-287) and missing authorization (CWE-862) that enable the unauthenticated API chain leading to RCE.

prevent

Requires organizations to identify, report, and correct flaws like CVE-2026-41679 through timely patching to version 2026.416.0, preventing exploitation.

prevent

Establishes and enforces secure configuration settings for systems, addressing the insecure default initialization (CWE-1188) in authenticated mode that exposes the RCE vulnerability.

Security Summary [AI]

CVE-2026-41679 is a critical remote code execution vulnerability affecting Paperclip, a Node.js server and React UI application designed to orchestrate teams of AI agents for business operations. The flaw exists in versions prior to 2026.416.0, specifically impacting instances running in authenticated mode under default configuration. It stems from issues mapped to CWE-287 (Improper Authentication), CWE-862 (Missing Authorization), and CWE-1188 (Insecure Default Initialization of Resource), earning a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

An unauthenticated attacker can exploit this vulnerability against any network-accessible Paperclip instance by sending a chain of six API calls, requiring only the target's address and no credentials or user interaction. The attack is fully automated and targets the default deployment configuration, enabling full remote code execution on the server.

The official advisory from the Paperclip GitHub security page (GHSA-68qg-g8mg-6pr7) confirms that upgrading to version 2026.416.0 fully patches the issue. Security practitioners should immediately verify deployments, apply the update, and restrict network exposure to Paperclip instances until patched, given the vulnerability's high severity and ease of exploitation.

Details

CWE(s)

Affected Products

paperclip · paperclipai · ≤ 2026.416.0
paperclip · paperclipai/server · ≤ 2026.416.0

AI Security Analysis [AI]

AI Category: Other AI Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: ai

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated remote code execution via API calls on a network-accessible Node.js web server directly enables T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References