cbcvebase.
CVE-2026-41679
published 2026-04-23

Priority: P1 (80)
CVSS 3.1: 10.0 (critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 1.97% (77.9th percentile)
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.

Affected

4 ranges

Vendor       Product             Version range    Fixed in
paperclip    paperclipai         < 2026.416.0     2026.416.0
paperclip    paperclipai_server  < 2026.416.0     2026.416.0
paperclipai  paperclip           < 2026.410.0     2026.410.0
paperclipai  paperclipai_server  < 2026.410.0     2026.410.0

Detection & IOCs (extracted from sources)

  • Monitor for a rapid sequence of six unauthenticated API calls to a Paperclip instance, which is the complete exploit chain for this CVE.
  • Alert on any unauthenticated API requests to Paperclip instances running in 'authenticated' mode — the vulnerability is exploitable with no credentials against the default configuration.
  • A public Metasploit module exists for this CVE targeting Linux/HTTP; presence of exploit traffic matching the module's request patterns should be treated as active exploitation.
  • The vulnerability is only exploitable against Paperclip instances running in 'authenticated' mode with the default configuration; non-default hardened deployments may not be affected.
  • The NVD advisory states the patch is in version 2026.416.0, while the Metasploit module references version 2026.410.0 as the boundary; verify the exact patched version against the vendor's official release notes.