Critical RCE in Paperclip AI Orchestration Platform (CVE-2026-41679)
The National Vulnerability Database has issued a critical advisory for CVE-2026-41679, affecting Paperclip, an AI agent orchestration platform. This vulnerability allows an unauthenticated attacker to achieve full remote code execution (RCE) on any network-accessible Paperclip instance. The vulnerability, rated with a CVSS score of 10.0 (Critical), impacts instances running in authenticated mode with default configurations.
The attack chain consists of six API calls, requiring no user interaction or credentials. This is a zero-touch, pre-authentication RCE — a defender’s nightmare. The National Vulnerability Database notes that the attack is fully automated and effective against default deployments. This means internet-facing instances are exposed to immediate, untargeted exploitation.
Paperclip users must upgrade to version 2026.416.0 immediately. The National Vulnerability Database highlights the severity as a combination of improper authentication (CWE-287), missing authorization (CWE-862), and an ‘undocumented feature’ (CWE-1188), which together facilitate this critical bypass. This isn’t just a bug; it’s a fundamental security breakdown in access control.
What This Means For You
- If your organization uses Paperclip for AI agent orchestration, you need to check your version RIGHT NOW. Any network-accessible instance running in `authenticated` mode with default settings is a sitting duck for CVE-2026-41679. Patch to version 2026.416.0 immediately. Assume compromise if you were exposed and begin incident response procedures. This is a full RCE, meaning attackers gain complete control.
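A triage sketch for the version and exposure check described above, added here as an example and not taken from NVD or the Paperclip project. It assumes an inventory you have already collected; the record fields `host`, `version`, `mode` and `network_accessible` and all sample values are constructed. Versions are compared component by component, because a plain string comparison misorders them.

```python
"""Triage a Paperclip inventory against CVE-2026-41679 (added example)."""

FIXED = (2026, 416, 0)  # first fixed release named in the advisory


def parse_version(text):
    """Turn '2026.416.0' into (2026, 416, 0); raise ValueError otherwise."""
    parts = str(text or "").strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(record):
    """Classify one inventory record (field names are assumptions)."""
    try:
        version = parse_version(record.get("version"))
    except ValueError:
        return "unknown"  # cannot prove it is fixed: check by hand
    if version >= FIXED:
        return "patched"
    # Conditions from the advisory: 'authenticated' mode, network-accessible.
    if record.get("mode") == "authenticated" and record.get("network_accessible"):
        return "exposed"  # upgrade and start incident response
    return "upgrade"      # outdated, advisory conditions not met


def report(inventory):
    """Map each host name to its triage result."""
    return {r["host"]: triage(r) for r in inventory}


# Constructed sample inventory; "other-mode" is a placeholder, not a real setting.
INVENTORY = [
    {"host": "pc-01", "version": "2026.416.0", "mode": "authenticated", "network_accessible": True},
    # As strings "2026.49.0" > "2026.416.0"; numerically it is older.
    {"host": "pc-02", "version": "2026.49.0", "mode": "authenticated", "network_accessible": True},
    # As strings "2026.1001.0" < "2026.416.0"; numerically it is newer.
    {"host": "pc-03", "version": "2026.1001.0", "mode": "authenticated", "network_accessible": True},
    {"host": "pc-04", "version": "2026.401.0", "mode": "other-mode", "network_accessible": False},
    {"host": "pc-05", "version": None, "mode": "authenticated", "network_accessible": True},
]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```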
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41679 | RCE | Paperclip Node.js server and React UI prior to version 2026.416.0 |
| CVE-2026-41679 | RCE | Unauthenticated remote code execution on Paperclip instances running in 'authenticated' mode with default configuration |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 23, 2026 at 05:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.