Product
critical
advisory
Paperclip Unauthenticated Remote Code Execution via Import Authorization Bypass
2 rules 4 TTPs 1 IOCAn unauthenticated attacker can achieve remote code execution on Paperclip instances by exploiting multiple vulnerabilities, including open signup, self-approval of CLI authentication challenges, and missing authorization checks in the company import endpoint, leading to arbitrary command execution as the server's OS user.
Paperclip +2
rce
authentication-bypass
code-execution
2r
4t
1i
critical
advisory
Paperclip Privilege Escalation via Agent API Key
2 rules 2 TTPsA privilege escalation vulnerability in Paperclip allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server host by injecting commands into the `adapterConfig.workspaceStrategy.provisionCommand` field via the `/agents/:id` API endpoint, leading to remote code execution.
Paperclip
privilege-escalation
remote-code-execution
2r
2t