GHSA-47wq-cj9q-wpmp: Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys
Summary
Paperclip, an agent management system, has a critical authorization bypass vulnerability: three API endpoints for managing agent API keys (`POST /api/agents/:id/keys`, `GET /api/agents/:id/keys`, and `DELETE /api/agents/:id/keys/:keyId`) only verify that the caller is logged in, and fail to check that the caller belongs to the company that owns the target agent. Any authenticated user can therefore create plaintext API tokens for agents in other companies, bypassing the multi-tenant security boundary (the separation that prevents one company's data from being accessed by another).
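The following is an added example, not Paperclip's code, modelling two of the affected routes as plain request handlers: `requireAuth` is the session check the endpoints already performed, and `assertCompanyAccess` is the tenant check the advisory describes as missing. The in-memory agent and key stores, the user shape (`companyIds`), and all function and error names are constructed for illustration.

```javascript
// Added example, not Paperclip's code: a minimal model of two of the affected routes.
// The agent store, user shape, names and messages are constructed for illustration.
const agents = new Map([
  ["agent-1", { id: "agent-1", companyId: "acme" }],
  ["agent-2", { id: "agent-2", companyId: "globex" }],
]);
const apiKeys = new Map(); // keyId -> { agentId, companyId }
const reply = (status, body) => ({ status, body });

// What the vulnerable endpoints checked: only that a session exists.
function requireAuth(req) {
  return req.user ? null : reply(401, { error: "unauthenticated" });
}

// The missing tenant boundary: the caller's company must own the agent.
function assertCompanyAccess(user, agent) {
  return user.companyIds.includes(agent.companyId)
    ? null
    : reply(403, { error: "forbidden" });
}

// Shared guard: authenticate, load the agent, then enforce ownership.
// enforceTenant=false reproduces the vulnerable behaviour for comparison only.
function withAgent(req, enforceTenant, handler) {
  const denied = requireAuth(req);
  if (denied) return denied;
  const agent = agents.get(req.params.id);
  if (!agent) return reply(404, { error: "not found" });
  const forbidden = enforceTenant ? assertCompanyAccess(req.user, agent) : null;
  return forbidden || handler(agent);
}

// POST /api/agents/:id/keys
function createKey(req, enforceTenant = true) {
  return withAgent(req, enforceTenant, (agent) => {
    const keyId = `key-${apiKeys.size + 1}`;
    apiKeys.set(keyId, { agentId: agent.id, companyId: agent.companyId });
    return reply(201, { keyId, agentId: agent.id });
  });
}

// DELETE /api/agents/:id/keys/:keyId (the key must also belong to this agent)
function deleteKey(req, enforceTenant = true) {
  return withAgent(req, enforceTenant, (agent) => {
    const key = apiKeys.get(req.params.keyId);
    if (!key || key.agentId !== agent.id) return reply(404, { error: "not found" });
    apiKeys.delete(req.params.keyId);
    return reply(204, null);
  });
}
```

With the tenant check in place, a user whose companies do not include the agent's company receives 403 on both routes; with `enforceTenant=false` the same request mints a key, which is the cross-tenant behaviour the advisory reports.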
Original source: https://github.com/advisories/GHSA-47wq-cj9q-wpmp
First tracked: April 16, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%