{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41679", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-22T03:53:24.406Z", "datePublished": "2026-04-23T00:53:16.391Z", "dateUpdated": "2026-04-23T16:23:25.939Z"}, "containers": {"cna": {"title": "Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-1188", "lang": "en", "description": "CWE-1188: Insecure Default Initialization of Resource", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7"}], "affected": [{"vendor": "paperclipai", "product": "paperclip", "versions": [{"version": "< 2026.410.0", "status": "affected"}]}, {"vendor": "paperclipai", "product": "@paperclipai/server", "versions": [{"version": "< 2026.410.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-23T00:53:16.391Z"}, "descriptions": [{"lang": "en", "value": "Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue."}], "source": {"advisory": "GHSA-68qg-g8mg-6pr7", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T14:39:48.671600Z", "id": "CVE-2026-41679", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T16:23:25.939Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41679", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-23T14:39:48.671600Z"}}}], "references": [{"url": "https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T14:39:57.287Z"}}], "cna": {"title": "Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass", "source": {"advisory": "GHSA-68qg-g8mg-6pr7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "paperclipai", "product": "paperclip", "versions": [{"status": "affected", "version": "< 2026.410.0"}]}, {"vendor": "paperclipai", "product": "@paperclipai/server", "versions": [{"status": "affected", "version": "< 2026.410.0"}]}], "references": [{"url": "https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7", "name": "https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1188", "description": "CWE-1188: Insecure Default Initialization of Resource"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-23T00:53:16.391Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41679", "state": "PUBLISHED", "dateUpdated": "2026-04-23T16:23:25.939Z", "dateReserved": "2026-04-22T03:53:24.406Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-23T00:53:16.391Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paperclip:paperclipai:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "5450D1E5-E18F-4683-AC76-3BB21F14933B", "versionEndExcluding": "2026.416.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:paperclip:paperclipai\\/server:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7002BC1F-A9E7-4955-BBC6-CBCAF731E019", "versionEndExcluding": "2026.416.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue."}], "id": "CVE-2026-41679", "lastModified": "2026-04-27T14:58:34.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-23T02:16:19.180", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory", "Exploit", "Mitigation"], "url": "https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory", "Exploit", "Mitigation"], "url": "https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-862"}, {"lang": "en", "value": "CWE-1188"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2026.410.0)"}}], "enrichment": {"confidence": 90.0, "confidence_source": "matching", "scores": [{"score": 90.0, "source": "matching"}]}, "original": {"product": "paperclip", "source": "cna", "vendor": "paperclipai"}, "product": "paperclipai", "vendor": "paperclip"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2026.410.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "@paperclipai/server", "source": "cna", "vendor": "paperclipai"}, "product": "paperclipai/server", "vendor": "paperclip"}], "analysis": {"en": {"generated_at": "2026-04-28T07:41:30.398975+00:00", "value": {"mitigation_remediation": ["Update Paperclip to version 2026.416.0 or later to receive the fix for the import authorization bypass.", "Verify that authentication is enforced for all API endpoints by reviewing the configuration settings and ensuring that the \"authenticated\" mode is correctly enabled.", "Restrict network access to the Paperclip API endpoints, for example by applying firewall rules or deploying an API gateway that requires authentication tokens."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw affects the Paperclip AI platform, specifically paperclipai/server and paperclipai/paperclip services. All releases prior to version 2026.416.0 are vulnerable; the patch is included in the 2026.416.0 release.", "description_and_impact": "An unauthenticated attacker can trigger a full remote code execution on any network\u2011accessible Paperclip instance running in authenticated mode with the default configuration. The vulnerability is achieved through an import authorization bypass that requires a chain of six API calls and no user interaction or credentials. Because the chain is fully automated against the default deployment, an adversary only needs the target\u2019s address, resulting in a high\u2011impact breach of confidentiality, integrity, and availability. The weakness corresponds to a bypass of authentication and authorization controls (CWE\u2011287, CWE\u20111188, CWE\u2011862).", "risk_and_exploitability": "The CVSS score of 10 classifies the scenario as critical, yet the EPSS score is less than 1%, indicating a low probability of seen exploitation at present. The exploit is network\u2011based and requires no credentials, making it an ideal target for automated attacks. Although the vulnerability is not listed in the CISA KEV catalog, its severity and the fully automated attack vector warrant immediate attention. A successful exploitation would grant the attacker arbitrary code execution on the host running Paperclip."}}}}, "created": "2026-04-28T07:45:26.038279+00:00", "updated": "2026-04-28T09:26:29.835501+00:00", "vendors": ["paperclip", "paperclip$PRODUCT$paperclipai", "paperclip$PRODUCT$paperclipai/server"]}