4 matches found
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more
This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlmrelay2self module coerces the local machine account to authenticate via...
📄 Paperclip AI Remote Code Execution
Paperclip is the operating system for your AI company. You set the goals, hire AI agents as employees, and watch them plan and execute work. Prior to version 2026.410.0, Paperclip allows for unauthenticated remote code execution on any network-accessible instance running in authenticated mode wit...
Exploit for CVE-2026-41679
CVE-2026-41679 Introduction This POC tests if a paperclip...
@paperclipai/adapter-claude-local (>=2026.3.17-canary.0 <=2026.411.0-canary.8), @paperclipai/adapter-codex-local (>=2026.3.17-canary.0 <=2026.411.0-canary.8) +12 more potentially affected by unknown CVE via @paperclipai/adapter-utils (>=2026.318.0-canary.0 <=2026.416.0-canary.1)
@paperclipai/adapter-utils NPM version =2026.318.0-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.2, =2026.324.0-canary.0, =5.0.0, =2026.3.17-canary.3, =0.6.5, =0.6.6...