CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:20 p.m.•7 views

CVE-2026-41208

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.7AI score0.00591EPSS

HackRead•added 2026/05/01 7:38 p.m.•8 views

45,000 Attacks, 5,300+ Backdoors Tied to China-Linked Cybercrime Operation

SOCRadar researchers have uncovered a massive Chinese cybercrime operation using the OpenClaw and Paperclip systems to automate global attacks...

5.8AI score

Exploits0

GithubExploit•added 2026/04/24 8:27 a.m.•108 views

Exploit for CVE-2026-41679

CVE-2026-41679 Introduction This POC tests if a paperclip...

10CVSS5.3AI score0.01972EPSS

Exploits4

Snyk•added 2026/04/23 3:7 p.m.•5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via import flow. An attacker can gain remote code execution using company creation endpoint that improperly checks for admin rights in authenticated mode deployment with default configuration. Remediation Upgrade...

NVD•added 2026/04/23 2:16 a.m.•2 views

Exploits4References2

CVE-2026-41679

10CVSS0.01972EPSS

NVD•added 2026/04/23 2:16 a.m.•5 views

CVE-2026-41208

8.8CVSS0.00591EPSS

ATTACKERKB•added 2026/04/23 12:53 a.m.•2 views

CVE-2026-41679

Exploits4References2Affected Software2

Vulnrichment•added 2026/04/23 12:53 a.m.•3 views

CVE-2026-41679 Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

EUVD•added 2026/04/23 12:53 a.m.•4 views

EUVD-2026-25166

CVE•added 2026/04/23 12:53 a.m.•37 views

CVE-2026-41679

Summary of CVE-2026-41679 (Paperclip) : Paperclip, a Node.js server with a React UI, is vulnerable to unauthenticated remote code execution via an Import Authorization bypass. Up to version 2026.416.0, an unauthenticated attacker can trigger full RCE on any network-accessible Paperclip instance r...

Exploits4References1Affected Software2

ATTACKERKB•added 2026/04/23 12:47 a.m.•3 views

CVE-2026-41208

Exploits1References2Affected Software1

Vulnrichment•added 2026/04/23 12:47 a.m.•1 views

CVE-2026-41208 Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution

EUVD•added 2026/04/23 12:47 a.m.•3 views

EUVD-2026-25162

CVE•added 2026/04/23 12:47 a.m.•38 views

CVE-2026-41208

The CVE affects Paperclip server (@paperclipai/server) prior to 2026.416.0. A privilege escalation exists where an attacker with an Agent API key can modify adapterConfig via /agents/:id, specifically workspaceStrategy.provisionCommand, which is later executed by the server runtime. This allows i...

Exploits1References1Affected Software1

CNNVD•added 2026/04/23 12:0 a.m.•8 views

Paperclip 操作系统命令注入漏洞

Paperclip is an AI proxy orchestration tool developed by Paperclip Open Source. Versions prior to Paperclip 2026.416.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the ability to allow proxy updates via adapterConfig, which could lead to...

8.8CVSS6.2AI score0.00591EPSS

Positive Technologies•added 2026/04/23 12:0 a.m.•4 views

PT-2026-34600

CNNVD•added 2026/04/23 12:0 a.m.•7 views

Exploits1References2

Paperclip 授权问题漏洞

Paperclip is an AI proxy orchestration tool developed by Paperclip Open Source. Versions of Paperclip prior to 2026.416.0 contained an authorization vulnerability. This vulnerability stemmed from the default authenticated configuration, allowing unauthenticated attackers to achieve full remote co...