External risk intelligence

Attacker can take control of Paperclip AI systems over the internet

CVE advisory

Severity: CRITICAL (CVSS 10.0)

CVE-2026-41679

A critical flaw in Paperclip, a tool for managing AI agents, allows attackers to gain full control of any internet-connected system without needing a password or any special access. This means your business operations could be compromised remotely.

4 Halo Surface Signal

Authentication Bypass

Paperclipai

before 2026.416.0

External exposure likelihood

Halo Surface Signal score for CVE-2026-41679

Paperclip is a Node.js server with a React UI and API endpoints for orchestrating business AI agents. As a web-based service, it is commonly deployed as an internet-facing application to facilitate integration with external services and distributed teams, so its management interface or API surface is frequently reachable from external networks.

Horizon Alert

Summary of the vulnerability and why it matters

This critical vulnerability allows an unauthenticated attacker to execute arbitrary code on Paperclip, a Node.js server for AI agents. The issue is present in default configurations and requires no special access or user interaction, making any network-accessible instance vulnerable.

  • Attackers can gain full control.
  • No user interaction or credentials needed.
  • Affects default deployments.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can compromise any network-accessible Paperclip instance running the default configuration. The attacker would chain six API calls to achieve full remote code execution without needing any credentials or user interaction.

  • No user authentication required.
  • Network-accessible attack surface.
  • Exploitable with default configuration.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability presents a significant risk because it allows unauthenticated remote code execution against internet-accessible Paperclip instances. Attackers are likely to target it: exploitation is easy, requires no credentials or user interaction, and works against the default configuration, so the potential impact is widespread. Because the attack chain can be fully automated, it is an attractive target for automated scanning and exploitation.

  • No authentication needed for RCE.
  • Critical vulnerability in a business orchestration tool.
  • Exploitation is fully automated.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize immediate mitigation for Paperclip instances, as an unauthenticated attacker can achieve full remote code execution. Given the critical severity and the fact that exploitation requires no authentication, affected services should be isolated or taken offline until patched to prevent widespread compromise.

  • Apply Paperclip version 2026.416.0 or later.
  • Isolate network-accessible instances.
  • Monitor for anomalous API activity.
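One way to turn the first two actions into a triage pass over a deployment inventory, as an added example that is not Paperclip's or the advisory publisher's code. The fixed version is taken from this advisory; the inventory rows, field names, action labels and the assumption that versions are three numeric components are constructed for illustration.

```javascript
// Added example: triage a deployment inventory against the fixed release.
// FIXED comes from the advisory; everything else here is an assumption.
const FIXED = "2026.416.0";

// Parse "N.N.N" into numbers. Returns null for anything else so that an
// unrecognised version string is treated as unverified, never as patched.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric, component-wise comparison. Plain string comparison would rank
// "2026.99.0" above "2026.416.0" and wrongly report it as patched.
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Assign each instance an action: exposed and vulnerable hosts come first.
function triage(inventory, fixed = FIXED) {
  const fixedParts = parseVersion(fixed);
  return inventory.map(({ host, version, internetFacing }) => {
    const parts = parseVersion(version);
    let action;
    if (parts === null) action = "verify-version";
    else if (!isBefore(parts, fixedParts)) action = "ok";
    else action = internetFacing ? "isolate-and-patch" : "patch";
    return { host, version, action };
  });
}

// Constructed sample inventory (hostnames use the reserved .example TLD).
const sampleInventory = [
  { host: "agents.corp.example", version: "2026.99.0", internetFacing: true },
  { host: "lab.corp.example", version: "2026.415.2", internetFacing: false },
  { host: "ops.corp.example", version: "2026.416.0", internetFacing: true },
  { host: "old.corp.example", version: "unknown", internetFacing: true },
];

for (const row of triage(sampleInventory)) {
  console.log(`${row.host}\t${row.version}\t${row.action}`);
}
```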

Frequently asked questions

What is Paperclip and its primary function in business operations?

Paperclip is a Node.js server and React UI that serves as a platform for managing and coordinating AI agents to execute business operations. It facilitates the orchestration of AI-driven tasks within a business context.

How does CVE-2026-41679 allow unauthorized code execution?

This vulnerability, stemming from Improper Authentication (CWE-287) and Missing Authorization (CWE-862), permits an unauthenticated attacker to achieve remote code execution. By executing a sequence of six specific API calls, an attacker can gain complete control over a vulnerable Paperclip installation without requiring any form of authentication.

What is the attack vector for CVE-2026-41679 on Paperclip instances?

An attacker can exploit this vulnerability by chaining six specific API calls, enabling them to gain full control over a network-accessible Paperclip instance. This attack requires no user interaction and is effective against default configurations.

What is the significance of CVE-2026-41679 for internet-facing Paperclip systems?

This critical vulnerability poses a significant threat to internet-facing Paperclip instances as it allows unauthenticated remote code execution. The ease of exploitation, requiring no credentials and being fully automated, makes it an attractive target for attackers.

What steps should be taken to respond to the Paperclip vulnerability?

It is crucial to immediately update Paperclip instances to version 2026.416.0 or later. For any instances that cannot be immediately patched, isolating them from the network or taking them offline is recommended to prevent unauthorized access and potential compromise. Monitoring for unusual API activity is also advised.
