Paperclip—a Node.js and React-based platform—has become a popular choice for businesses looking to deploy teams of AI agents. However, a newly disclosed security flaw has revealed that the very system designed to manage a business’s “digital workforce” could be turned into a wide-open gateway for attackers.
The vulnerability carries a CVSS score of 10, the highest possible rating, indicating a critical risk of Unauthenticated Remote Code Execution (RCE).
What makes this vulnerability particularly terrifying is its simplicity. According to the security advisory, “an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration”.
The attack requires no user interaction and no valid credentials; the entire chain can be completed in just six API calls.
The exploit works by chaining four independent architectural oversights into a single “super-vulnerability”:
- Open Registration: By default, Paperclip allows anyone to sign up for an account without an invite token.
- No Email Verification: The system is hardcoded to skip email verification, meaning throwaway accounts are immediately granted valid sessions.
- Self-Approval Loophole: Once a session is established, a flaw in the CLI authentication flow allows a user to “self-approve” their own persistent API keys.
- Import Authorization Bypass: The final blow comes from an authorization bypass in the “import” endpoint. While standard creation endpoints require “Instance Admin” rights, the import path was found to be missing these vital checks.
The vulnerability stems from “default-open” configurations buried in the source code. Specifically, the variable authDisableSignUp defaults to false, and email verification is hardcoded as false in the authentication logic. This “silent” combination allows an attacker to walk through the front door and seize the keys to the entire house.
If you are running a Paperclip instance, you are urged to update and reconfigure your environment immediately to block this RCE path.
| Action Item | Technical Fix |
| --- | --- |
| Upgrade Software | Move to @paperclipai/server v2026.410.0 or later. |
| Close Registration | Explicitly set PAPERCLIP_AUTH_DISABLE_SIGN_UP to true in your deployment guide. |
| Enable Verification | Set requireEmailVerification to true to stop automated account creation. |
| Patch Endpoints | Ensure the assertInstanceAdmin check is applied to both the /import and /import/preview endpoints. |
Until these patches are applied, any Paperclip instance exposed to the internet is essentially an open terminal for anyone with six lines of curl code.
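The four remediation items can be checked mechanically before an instance is exposed. The sketch below is an added example, not code from Paperclip or the advisory: the input shape, the route paths, the requireSession guard name and the older version string are constructed for illustration, and it assumes the sign-up variable counts as closed only when it is the literal string "true".

```javascript
// Added example: audit a deployment description against the remediation table.
const FIXED_VERSION = "2026.410.0"; // first fixed @paperclipai/server release per the table
// Compare dot-separated numeric versions; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}
// Returns a list of findings; an empty list means all four items are addressed.
function auditDeployment({ version, env, requireEmailVerification, routes }) {
  const findings = [];
  if (compareVersions(version, FIXED_VERSION) < 0)
    findings.push(`server ${version} is older than ${FIXED_VERSION}`);
  // An unset variable counts as open: authDisableSignUp defaults to false.
  if (env.PAPERCLIP_AUTH_DISABLE_SIGN_UP !== "true")
    findings.push('open registration: PAPERCLIP_AUTH_DISABLE_SIGN_UP is not "true"');
  if (requireEmailVerification !== true)
    findings.push("requireEmailVerification is not true");
  for (const r of routes) {
    // Both /import and /import/preview must carry the admin check.
    const isImport = /\/import(\/preview)?$/.test(r.path);
    if (isImport && !r.guards.includes("assertInstanceAdmin"))
      findings.push(`${r.method} ${r.path} lacks assertInstanceAdmin`);
  }
  return findings;
}
// Constructed sample input (hypothetical paths and guard names).
const vulnerable = {
  version: "2026.409.0", // constructed older version string, not a real release id
  env: {},
  requireEmailVerification: false,
  routes: [
    { method: "POST", path: "/api/companies", guards: ["requireSession", "assertInstanceAdmin"] },
    { method: "POST", path: "/api/companies/import", guards: ["requireSession"] },
    { method: "POST", path: "/api/companies/import/preview", guards: ["requireSession"] },
  ],
};
const remediated = {
  version: "2026.410.0",
  env: { PAPERCLIP_AUTH_DISABLE_SIGN_UP: "true" },
  requireEmailVerification: true,
  routes: vulnerable.routes.map((r) => ({ ...r, guards: ["requireSession", "assertInstanceAdmin"] })),
};
console.log(auditDeployment(vulnerable));
console.log(auditDeployment(remediated));
```

Run against the constructed default-style input, the audit reports one finding per open default plus one for each unguarded import route; the remediated input reports none.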