CVE-2026-41679

CRITICAL

Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

Title source: cna

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-41679. PoCs published by bartfroklage, including Metasploit module exploits/linux/http/paperclipai_unauth_rce_cve_2026_41679.

AI-analyzed exploit summary This PoC demonstrates an RCE vulnerability in Paperclip AI by exploiting the agent import functionality to inject malicious commands into a YAML configuration file. The exploit chain involves user signup, authentication, challenge creation, and triggering a crafted agent to execute arbitrary commands.

Description

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.

Exploits (2)

nomisec WORKING POC

by bartfroklage · poc

https://github.com/bartfroklage/cve-2026-41679

View Code ZIP pw:eip

This PoC demonstrates an RCE vulnerability in Paperclip AI by exploiting the agent import functionality to inject malicious commands into a YAML configuration file. The exploit chain involves user signup, authentication, challenge creation, and triggering a crafted agent to execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Paperclip AI (version not specified)

Auth required

Prerequisites: Target Paperclip AI instance · Network access to the target · Valid credentials or ability to create an account

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 24, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/paperclipai_unauth_rce_cve_2026_41679.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2026-41679, an unauthenticated RCE vulnerability in Paperclip AI. It chains six API calls to register a user, create a CLI challenge, deploy a malicious agent, and execute arbitrary commands.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Paperclip AI < 2026.410.0

No auth needed

Prerequisites: Network access to Paperclip instance on port 3100

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Jun 12, 2026 Full analysis →

References (1)

Core 1

Core References

X_Refsource_Confirm x_refsource_confirm

https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7

Scores

CVSS v3 10.0

EPSS 0.0111

EPSS Percentile 61.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-1188 CWE-287 CWE-862

Status published

Products (6)

npm/paperclipai 0 - 2026.410.0npm

paperclip/paperclipai < 2026.416.0

paperclip/paperclipai\/server < 2026.416.0

paperclipai/@paperclipai/server < 2026.410.0

paperclipai/paperclip < 2026.410.0

paperclipai/server 0 - 2026.410.0npm

Published Apr 23, 2026

Tracked Since Apr 23, 2026