GHSA-47wq-cj9q-wpmp: Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys
Summary
Paperclip, an agent management system, has a critical authorization bypass vulnerability where three API endpoints for managing agent API keys (`POST /api/agents/:id/keys`, `GET /api/agents/:id/keys`, and `DELETE /api/agents/:id/keys/:keyId`) only verify that a user is logged in, but fail to check if they belong to the company that owns the target agent. This allows any authenticated user to create plaintext API tokens for agents in other companies, effectively bypassing the multi-tenant security boundary (the separation that prevents one company's data from being accessed by another).
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-63086: text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF) vulnerability in the OpenAI-compat
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
Original source: https://github.com/advisories/GHSA-47wq-cj9q-wpmp
First tracked: April 16, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%