TopVuln

High-risk vulnerability digests

CVE-2026-41679

  • CRITICAL

Details

CVSS v3: 10.0
NVD published: 2026-04-23 02:16:19
EPSS: 0.5% probability · 67.0th percentile (2026-05-12)
Affected versions: Paperclip Node.js/React AI orchestrator prior to 2026.416.0

Summary: This critical flaw allows unauthenticated attackers to achieve full remote code execution on any network-accessible Paperclip instance running in default authenticated mode. The attack can be fully automated with only the target network address, requiring no credentials or user interaction. The vulnerability is patched in version 2026.416.0.

Remediation: Immediately upgrade Paperclip to version 2026.416.0 or newer. Restrict public network access to Paperclip instances to only trusted IP ranges until patching is completed.

Exploit info: No public exploit found yet.
