Paperclipai Server vulnerabilities
2 known vulnerabilities affecting paperclipai/paperclipai_server.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 1
Vulnerabilities
CVE-2026-41679 | P1 | CRITICAL | CVSS 10.0 | PoC | fixed in 2026.410.0 | 2026-04-23
CVE-2026-41679 [CRITICAL] CWE-287
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the tar
nvd
CVE-2026-41208 | P2 | HIGH | CVSS 8.8 | fixed in 2026.416.0 | 2026-04-23
CVE-2026-41208 [HIGH] CWE-78
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server host. An attacker with an agent credential can escalate
nvd