{"data":{"id":"2c7c8d75-7288-4c3b-a7a7-456ed5c1adac","title":"CVE-2026-41679: Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 202","summary":"Paperclip manages multiple AI agents to automate business tasks; it consists of a server running on Node.js (a JavaScript runtime that runs outside web browsers) and a UI built with React (a framework for building user interfaces). Before version 2026.416.0, an attacker without any login credentials could gain full remote code execution (the ability to run arbitrary commands on the target system) on any publicly accessible Paperclip instance running with its default settings, simply by knowing the server's address and making six automated API calls (requests to the server's functions).","solution":"Update to version 2026.416.0, which patches the vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41679","publishedAt":"2026-04-23T02:16:19.180Z","cveId":"CVE-2026-41679","cweIds":["CWE-287","CWE-862","CWE-1188"],"cvssScore":"10","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Paperclip"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-23T02:16:19.180Z","capecIds":["CAPEC-114","CAPEC-122"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}