CVE-2026-41208: Paperclip AI Agent Privilege Escalation to RCE
The National Vulnerability Database has detailed CVE-2026-41208, a high-severity privilege escalation vulnerability in Paperclip’s AI agent orchestration platform. Specifically, versions of @paperclipai/server prior to 2026.416.0 are affected. This flaw enables an attacker with an Agent API key to execute arbitrary operating system commands on the Paperclip server host, bypassing intended security boundaries.
The vulnerability stems from agents being permitted to update their own adapterConfig via the /agents/:id API endpoint. Critically, the adapterConfig.workspaceStrategy.provisionCommand field is later executed by the server runtime. This allows a malicious or compromised agent to inject arbitrary shell commands, which the Paperclip server then executes during workspace provisioning. This directly leads to remote code execution (RCE) on the server host, breaking the trust model between agent configuration and server execution.
This is a critical flaw with a CVSS score of 8.8 (HIGH). It transforms a seemingly contained agent compromise into a full server takeover. Defenders must recognize that an attacker only needs an agent credential to achieve RCE. The fix is available in @paperclipai/server version 2026.416.0.
What This Means For You
- If your organization utilizes Paperclip's AI agent orchestration platform, prioritize patching immediately. An attacker with just an Agent API key can leverage CVE-2026-41208 to escalate privileges and achieve remote code execution on your server. Audit logs for unusual command execution or configuration changes originating from agent accounts.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-41208: Paperclip Agent Privilege Escalation via adapterConfig
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41208 | Privilege Escalation | @paperclipai/server versions prior to 2026.416.0 |
| CVE-2026-41208 | RCE | @paperclipai/server versions prior to 2026.416.0 |
| CVE-2026-41208 | Command Injection | Vulnerable endpoint: /agents/:id API endpoint, field: adapterConfig.workspaceStrategy.provisionCommand |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 23, 2026 at 05:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related Posts
Apple Patches Critical Notification Data Leak Vulnerability
Apple has issued urgent updates to address CVE-2026-28950, a critical vulnerability within its notification management system. As reported by Cyber Updates - Asher Tamam, this...
Critical RCE Flaw in Breeze Cache WordPress Plugin
CVE-2026-3844 — The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in...
CVE-2026-2951 — Cross-Site Scripting (XSS)
CVE-2026-2951 — The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up...