CVE-2026-41679
Published: 23 April 2026
Summary
CVE-2026-41679 is a critical-severity Improper Authentication (CWE-287) vulnerability in Paperclip Paperclipai. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 32.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations for all access attempts, directly mitigating the improper authentication (CWE-287) and missing authorization (CWE-862) that enable the unauthenticated API chain leading to RCE.
Requires organizations to identify, report, and correct flaws like CVE-2026-41679 through timely patching to version 2026.416.0, preventing exploitation.
Establishes and enforces secure configuration settings for systems, addressing the insecure default initialization (CWE-1188) in authenticated mode that exposes the RCE vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote code execution via API calls on a network-accessible Node.js web server directly enables T1190: Exploit Public-Facing Application.
NVD Description
Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue.
Deeper analysis
CVE-2026-41679 is a critical remote code execution vulnerability affecting Paperclip, a Node.js server and React UI application designed to orchestrate teams of AI agents for business operations. The flaw exists in versions prior to 2026.416.0, specifically impacting instances running in authenticated mode under default configuration. It stems from issues mapped to CWE-287 (Improper Authentication), CWE-862 (Missing Authorization), and CWE-1188 (Insecure Default Initialization of Resource), earning a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
An unauthenticated attacker can exploit this vulnerability against any network-accessible Paperclip instance by sending a chain of six API calls, requiring only the target's address and no credentials or user interaction. The attack is fully automated and targets the default deployment configuration, enabling full remote code execution on the server.
The official advisory from the Paperclip GitHub security page (GHSA-68qg-g8mg-6pr7) confirms that upgrading to version 2026.416.0 fully patches the issue. Security practitioners should immediately verify deployments, apply the update, and restrict network exposure to Paperclip instances until patched, given the vulnerability's high severity and ease of exploitation.
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai