Lucene search
K

91 matches found

OSV
OSV
added 2026/07/07 12:0 a.m.8 views

MAL-2026-6947 Malicious code in paperclip-host-utils (npm)

The package 'paperclip-host-utils' is a purpose-built malware package published by the npm account 'srm0rgan' [email protected] as part of a coordinated campaign of fake 'Paperclip' VPS-maintenance adapters siblings: paperclip2, vps-maintenance, vps-maintenance-paperclip-adapter, vps-adapter-cor...

6.2AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 12:0 a.m.8 views

Malicious code in paperclip-host-utils (npm)

The package 'paperclip-host-utils' is a purpose-built malware package published by the npm account 'srm0rgan' [email protected] as part of a coordinated campaign of fake 'Paperclip' VPS-maintenance adapters siblings: paperclip2, vps-maintenance, vps-maintenance-paperclip-adapter, vps-adapter-cor...

6.2AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/04 1:42 p.m.10 views

Malicious code in paperclip2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6fbcfc445b1a599943dac3ca0691633629c6804037b38fcf6113062f6add848 package.json declares a postinstall lifecycle script that runs node -e code opening a TCP connection to 185.112.147.174:7007 and piping the socket to...

6.5AI score
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2026/06/19 5:8 p.m.11 views

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlmrelay2self module coerces the local machine account to authenticate via...

10CVSS6.8AI score0.01972EPSS
Exploits13
Metasploit
Metasploit
added 2026/06/12 7:2 p.m.272 views

Paperclip AI RCE using a chain of six API calls (CVE-2026-41679).

Paperclip is the operating system for your AI company. You set the goals, hire AI agents as employees, and watch them plan and execute work. Prior to version 2026.410.0, Paperclip allows for an unauthenticated RCE, tracked as CVE-2026-41679. An unauthenticated attacker can achieve full remote cod...

10CVSS6.7AI score0.01972EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.68 views

📄 Paperclip AI Remote Code Execution

Paperclip is the operating system for your AI company. You set the goals, hire AI agents as employees, and watch them plan and execute work. Prior to version 2026.410.0, Paperclip allows for unauthenticated remote code execution on any network-accessible instance running in authenticated mode wit...

10CVSS6.3AI score0.01972EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.13 views

CVE-2026-41679

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration...

10CVSS6.3AI score0.01972EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.17 views

CVE-2026-41208

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.7AI score0.00591EPSS
Exploits1References1
HackRead
HackRead
added 2026/05/01 7:38 p.m.23 views

45,000 Attacks, 5,300+ Backdoors Tied to China-Linked Cybercrime Operation

SOCRadar researchers have uncovered a massive Chinese cybercrime operation using the OpenClaw and Paperclip systems to automate global attacks...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/24 8:27 a.m.125 views

Exploit for CVE-2026-41679

CVE-2026-41679 Introduction This POC tests if a paperclip...

10CVSS5.3AI score0.01972EPSS
Exploits5
Snyk
Snyk
added 2026/04/23 3:7 p.m.8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via import flow. An attacker can gain remote code execution using company creation endpoint that improperly checks for admin rights in authenticated mode deployment with default configuration. Remediation Upgrade...

10CVSS6.5AI score0.01972EPSS
Exploits5References2
NVD
NVD
added 2026/04/23 2:16 a.m.9 views

CVE-2026-41679

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration...

10CVSS0.01972EPSS
Exploits5References1
NVD
NVD
added 2026/04/23 2:16 a.m.9 views

CVE-2026-41208

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS0.00591EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/23 12:53 a.m.4 views

CVE-2026-41679 Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration...

10CVSS6.5AI score0.01972EPSS
Exploits5References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:53 a.m.3 views

CVE-2026-41679

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration...

10CVSS6.5AI score0.01972EPSS
Exploits5References2Affected Software2
CVE
CVE
added 2026/04/23 12:53 a.m.46 views

CVE-2026-41679

Summary of CVE-2026-41679 (Paperclip) : Paperclip, a Node.js server with a React UI, is vulnerable to unauthenticated remote code execution via an Import Authorization bypass. Up to version 2026.416.0, an unauthenticated attacker can trigger full RCE on any network-accessible Paperclip instance r...

10CVSS6.5AI score0.01972EPSS
Exploits5References1Affected Software2
EUVD
EUVD
added 2026/04/23 12:53 a.m.8 views

EUVD-2026-25166

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration...

10CVSS6.5AI score0.01972EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2026/04/23 12:47 a.m.2 views

CVE-2026-41208 Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.8AI score0.00591EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:47 a.m.4 views

CVE-2026-41208

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.8AI score0.00591EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/23 12:47 a.m.8 views

EUVD-2026-25162

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.8AI score0.00591EPSS
Exploits1References1
Rows per page
Query Builder