Product
An unauthenticated attacker can achieve remote code execution on Paperclip instances by exploiting multiple vulnerabilities, including open signup, self-approval of CLI authentication challenges, and missing authorization checks in the company import endpoint, leading to arbitrary command execution as the server's OS user.