Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.
The attacker executes a chain of six API calls on a publicly or network-accessible Paperclip instance, bypassing authentication mechanisms (Auth Bypass) resulting from CWE-287 (improper authentication), CWE-862 (missing authorization), and CWE-1188 (insecure default resource initialization) errors. The entire attack is fully automated, requires no user interaction or knowledge of login credentials — only the target's network address is needed. The vulnerability exists in versions prior to 2026.416.0 with default deployment configuration.
The attacker gains complete remote code execution (RCE) on the victim's server with the ability to compromise the confidentiality, integrity, and availability of the system — CVSS assigns maximum scores in all three categories (C:H/I:H/A:H) with scope extending beyond the vulnerable service (S:C).
Paperclip must be immediately updated to version 2026.416.0 or later, which contains a fix for the described vulnerability. If immediate update is not possible, restrict network access to the Paperclip instance only to trusted hosts (firewall, network segmentation) and do not expose the server publicly.
Paperclip (Paperclipai/Server and Paperclipai) in all versions prior to 2026.416.0, running with default configuration in 'authenticated' mode
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HPaperclip Paperclipai
APPPaperclip< 2026.416.0Paperclip Paperclipai\/server
APPPaperclip< 2026.416.0