
Paperclip EUVD-2026-25166

CVE-2026-41679 CRITICAL
Improper Authentication (CWE-287)
2026-04-23 GitHub_M GHSA-68qg-g8mg-6pr7
10.0
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

7 events

  • Apr 27, 2026 14:58 (nvd) · Patch released · Patch available
  • Apr 23, 2026 18:42 (vuln.today) · Re-analysis Queued · cvss_changed
  • Apr 23, 2026 06:46 (vuln.today) · Analysis Generated
  • Apr 23, 2026 06:16 (EUVD) · Patch available
  • Apr 23, 2026 01:15 (euvd) · EUVD ID Assigned · EUVD-2026-25166
  • Apr 23, 2026 01:15 (vuln.today) · Analysis Generated
  • Apr 23, 2026 00:53 (nvd) · CVE Published · CRITICAL 10.0

Description (GitHub Advisory)

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.

Analysis (AI)

Remote unauthenticated attackers achieve full code execution on Paperclip AI orchestration servers (versions prior to 2026.416.0) via authentication bypass through a six-step API call chain. The attack requires no credentials, no user interaction, and succeeds against default 'authenticated' mode deployments exposed to network access. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Scan for exposed Paperclip instances
  • Delivery: Send unauthenticated API call sequence (6 steps)
  • Exploit: Bypass authentication in 'authenticated' mode
  • Execution: Execute arbitrary code via RCE
  • Persist: Escalate to container/host escape
  • Impact: Establish persistence and exfiltrate data

Vulnerability Assessment (AI)

Exploitation: Requires a network-accessible Paperclip instance (versions < 2026.416.0) running in 'authenticated' mode with default configuration, the exact mode intended for production security. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: This represents a critical real-world risk despite no confirmed active exploitation (not in CISA KEV). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker scans for internet-exposed Paperclip instances on common Node.js ports (3000, 8080) using tools like Shodan or Censys, identifying the React UI or API endpoints. Once discovered, the attacker executes a scripted six-step API call sequence against the server, bypassing authentication checks despite 'authenticated' mode being enabled. …

Remediation: Immediately upgrade both the @paperclipai/server and paperclip npm packages to version 2026.416.0 or later, as confirmed by GitHub Security Advisory GHSA-68qg-g8mg-6pr7 (https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: Identify all Paperclip AI deployments and confirm versions (check @paperclipai/server and paperclip npm package versions). …
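One way to carry out that version check, as an added example that is not Paperclip's own code: a Node.js script that walks a package-lock.json (lockfile v2/v3 "packages" map) and flags any @paperclipai/server or paperclip entry older than 2026.416.0. The lockfile object below is constructed for the example; only the package names and the fixed version come from the advisory.

```javascript
// Added example (not Paperclip's own code): flag installed @paperclipai/server or
// paperclip packages older than the fixed version 2026.416.0 in a package-lock.json.
const FIXED_VERSION = '2026.416.0';
const AFFECTED_PACKAGES = ['@paperclipai/server', 'paperclip'];

// Parse a three-part dotted version such as 2026.416.0 into numbers.
function parseVersion(v) {
  const m = /^[v^~=\s]*(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric component-wise compare: -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isVulnerable(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Walk a lockfile v2/v3 "packages" map; keys look like "node_modules/<name>",
// and nested copies look like "node_modules/x/node_modules/<name>".
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = AFFECTED_PACKAGES.find(
      (n) => path === `node_modules/${n}` || path.endsWith(`/node_modules/${n}`)
    );
    if (name && entry.version && isVulnerable(entry.version)) {
      findings.push({ name, path, version: entry.version });
    }
  }
  return findings;
}

// Constructed sample lockfile: the server package is behind the fix, the CLI is current.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-deployment', version: '1.0.0' },
    'node_modules/@paperclipai/server': { version: '2026.410.2' },
    'node_modules/paperclip': { version: '2026.416.0' },
  },
};
console.log(auditLockfile(SAMPLE_LOCK));
```

Against a real deployment, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`. A globally installed paperclip CLI does not appear in a project lockfile, so check it separately with `npm ls -g paperclip`.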




EUVD-2026-25166 vulnerability details – vuln.today
