Vendor
Paperclip Unauthenticated Remote Code Execution via Import Authorization Bypass
2 rules 4 TTPs 1 IOCAn unauthenticated attacker can achieve remote code execution on Paperclip instances by exploiting multiple vulnerabilities, including open signup, self-approval of CLI authentication challenges, and missing authorization checks in the company import endpoint, leading to arbitrary command execution as the server's OS user.
Paperclip Privilege Escalation via Agent API Key
2 rules 2 TTPsA privilege escalation vulnerability in Paperclip allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server host by injecting commands into the `adapterConfig.workspaceStrategy.provisionCommand` field via the `/agents/:id` API endpoint, leading to remote code execution.
Paperclip AI OS Command Injection via Execution Workspace cleanupCommand
2 rules 1 TTPA critical OS command injection vulnerability exists in Paperclip AI v2026.403.0 within the execution workspace lifecycle. By injecting arbitrary shell commands into the `cleanupCommand` field via the `PATCH /api/execution-workspaces/:id` endpoint, an attacker can execute these commands on the server when the workspace is archived.