How to fix CVE-2026-41679?

Within 24 hours: Identify all Paperclip AI deployments and confirm versions (check @paperclipai/server and paperclip npm package versions). Isolate any instances running versions prior to 2026.416.0 from network access or place behind authentication-enforcing reverse proxy. Within 7 days: Upgrade all affected instances to Paperclip version 2026.416.0 or later per vendor advisory GHSA-68qg-g8mg-6pr7. Perform full restart and validation testing post-upgrade. Within 30 days: Conduct forensic review of access logs and container/host audit logs for any API call patterns matching the six-step authentication bypass chain; rotate all service credentials and API keys for affected systems.

Is Paperclip affected by CVE-2026-41679?

CVE-2026-41679 is a critical remote code execution vulnerability in Paperclip AI orchestration servers that allows unauthenticated attackers to bypass authentication and execute arbitrary code on affected instances.

Paperclip CVE-2026-41679

EUVD-2026-25166 CRITICAL

Improper Authentication (CWE-287)

2026-04-23 GitHub_M

Authentication Bypass RCE Node.js

10.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 23, 2026 - 18:42 vuln.today

cvss_changed

Analysis Generated

Apr 23, 2026 - 06:46 vuln.today

Patch available

Apr 23, 2026 - 06:16 EUVD

DescriptionNVD

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.

AnalysisAI

Remote unauthenticated attackers achieve full code execution on Paperclip AI orchestration servers (versions prior to 2026.416.0) via authentication bypass through a six-step API call chain. The attack requires no credentials, no user interaction, and succeeds against default 'authenticated' mode deployments exposed to network access. …

RemediationAI

Within 24 hours: Identify all Paperclip AI deployments and confirm versions (check @paperclipai/server and paperclip npm package versions). Isolate any instances running versions prior to 2026.416.0 from network access or place behind authentication-enforcing reverse proxy. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41679 vulnerability details – vuln.today

Back

Paperclip CVE-2026-41679

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code