Paperclip Unauthenticated Remote Code Execution Vulnerability

Vulnerability

A critical vulnerability in Paperclip, a Node.js server with a React UI, allows unauthenticated remote code execution on instances running in 'authenticated' mode with the default configuration. The vulnerability exists in versions prior to 2026.416.0. Exploitation is fully automated, requires no user interaction or credentials, and consists of a chain of six API calls. The issue arises from two weaknesses: open registration, which allows accounts to be created without verification, and a missing authorization check on the import endpoint, which lets a non-admin user deploy imported agents that execute code.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server's operating system, as the Paperclip server's OS user. This access includes full read and write permissions to the filesystem, access to all data within the Paperclip database, the ability to interact with internal network services, disruption of agent operations, and unauthorized access to sensitive company data through the Paperclip API.

Reproduction

The vulnerability can be reproduced by creating an account through the sign-up API, which is available without invitation or email verification. After signing in and capturing the session cookie, a CLI authentication challenge can be created and self-approved using the same session. Once authenticated as a board user, the import endpoint can be accessed without the necessary instance admin privileges, allowing the deployment of an agent configured to execute arbitrary commands. After triggering the agent, the executed commands can be verified by checking for a marker file that indicates successful execution.

Remediation

To address this vulnerability, it is recommended to disable open registration by default, require email verification for account creation, and add the necessary authorization checks to the import endpoint to ensure that only users with instance admin privileges can create new companies.

Added: Apr 23, 2026, 2:25 AM
Updated: Apr 23, 2026, 2:25 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 6.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.