Lucene search
K

4 matches found

Rapid7 Blog
Rapid7 Blog
added 2026/06/19 5:8 p.m.6 views

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlmrelay2self module coerces the local machine account to authenticate via...

10CVSS6.8AI score0.01972EPSS
Exploits11
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.56 views

📄 Paperclip AI Remote Code Execution

Paperclip is the operating system for your AI company. You set the goals, hire AI agents as employees, and watch them plan and execute work. Prior to version 2026.410.0, Paperclip allows for unauthenticated remote code execution on any network-accessible instance running in authenticated mode wit...

10CVSS6.3AI score0.01972EPSS
Exploits4
GithubExploit
GithubExploit
added 2026/04/24 8:27 a.m.117 views

Exploit for CVE-2026-41679

CVE-2026-41679 Introduction This POC tests if a paperclip...

10CVSS5.3AI score0.01972EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2026/04/16 10:45 p.m.9 views

@paperclipai/adapter-claude-local (>=2026.3.17-canary.0 <=2026.411.0-canary.8), @paperclipai/adapter-codex-local (>=2026.3.17-canary.0 <=2026.411.0-canary.8) +12 more potentially affected by unknown CVE via @paperclipai/adapter-utils (>=2026.318.0-canary.0 <=2026.416.0-canary.1)

@paperclipai/adapter-utils NPM version =2026.318.0-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.2, =2026.324.0-canary.0, =5.0.0, =2026.3.17-canary.3, =0.6.5, =0.6.6...

5.5AI score
Exploits0
Rows per page
Query Builder