JustAppSec

Paperclip patches unauthenticated RCE via import authorization bypass

Published 23 Apr 2026 | Updated 23 Apr 2026 | Source: CVEProject (cvelistV5)

TL;DR — Paperclip’s import authorization can be bypassed to achieve unauthenticated, zero-interaction RCE on network-accessible instances running in authenticated mode with default configuration.

What happened

Paperclip is a Node.js server plus React UI intended to orchestrate a team of AI agents to run a business.

CVE-2026-41679 describes a Critical (CVSS 10.0) issue where an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration. The CVE record states the exploitation chain is fully automated, requires no user interaction, and consists of six API calls.

This is the failure mode platform teams should treat as S-tier: default-config, network-reachable unauthenticated RCE tends to become an immediate scanning/exploitation target and can rapidly turn into fleet-wide compromise where the service is internet-exposed or reachable from low-trust networks.

Who is impacted

  • Deployments running Paperclip in authenticated mode that are reachable over the network and still on a vulnerable release.
  • The CVE description states the issue affects versions prior to 2026.416.0 and that 2026.416.0 patches the issue.

| Component | Affected (per CVE description) | Patched (per CVE description) |
|---|---|---|
| paperclip | < 2026.416.0 | 2026.416.0 |
| @paperclipai/server | < 2026.416.0 | 2026.416.0 |

Note: the CVE record’s affected section lists version constraints of < 2026.410.0, which conflicts with the description’s “prior to 2026.416.0” language; validate your exposure against the vendor advisory referenced by the CVE.

What to do now

  • Follow vendor remediation guidance and apply a release that includes the fix; the CVE record states 2026.416.0 patches the issue.
  • Identify where Paperclip is deployed and whether instances are network-accessible; treat any internet reachability as an exposure multiplier.
  • If compromise is suspected, assume attacker code execution on the host is possible and rotate credentials/secrets reachable from the Paperclip runtime (API keys, database creds, cloud tokens), then review access logs for unusual sequences consistent with multi-step API call chains.
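
To support the inventory step above, here is an added example (not code from Paperclip or from the CVE record) that scans an npm lockfile for the two components named in the CVE description and flags any copy older than 2026.416.0, the more conservative of the two conflicting thresholds. It assumes the packages are installed through npm and recorded in a `package-lock.json` with a `packages` map (lockfileVersion 2 or 3); the sample lockfile is constructed.

```javascript
// Added example: flag vulnerable Paperclip packages in an npm lockfile.
// Package names and the fixed version are taken from the CVE description above.
const FIXED = "2026.416.0";
const PACKAGES = ["paperclip", "@paperclipai/server"];

// Compare dotted numeric versions segment by segment (numeric, not string,
// comparison); any pre-release or build suffix is ignored.
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map((n) => parseInt(n, 10) || 0);
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the lockfile's "packages" map, including nested node_modules copies
// pulled in transitively, and report every install of the affected packages.
function findPaperclip(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !meta.version) continue; // root entry or workspace link
    const name = path.slice(idx + "node_modules/".length);
    if (!PACKAGES.includes(name)) continue;
    findings.push({ path, name, version: meta.version,
      vulnerable: compareVersions(meta.version, FIXED) < 0 });
  }
  return findings;
}

// Constructed sample lockfile (hypothetical project, not a real deployment).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "ops-console", version: "1.0.0" },
  "node_modules/paperclip": { version: "2026.416.0" },
  "node_modules/@paperclipai/server": { version: "2026.412.1" },
  "node_modules/tooling/node_modules/paperclip": { version: "2026.403.0" },
  "node_modules/paperclip-utils": { version: "1.2.3" },
}};

for (const f of findPaperclip(sampleLock)) {
  console.log(`${f.vulnerable ? "VULNERABLE" : "ok"}  ${f.name}@${f.version}  (${f.path})`);
}
```

The constructed `2026.412.1` entry sits between the two thresholds mentioned in the note above and is reported as vulnerable, which is the safe reading until the vendor advisory settles the range. To check a real project, pass the parsed contents of its `package-lock.json` to `findPaperclip`.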
