Paperclip: Approval decision attribution spoofing via client-controlled `decidedByUserId` in paperclip server
Severity: Medium
Description
The approval-resolution endpoints (POST /approvals/:id/approve, /reject, /request-revision) accept a client-supplied `decidedByUserId` field in the request body and write it verbatim into the authoritative `approvals.decidedByUserId` column, without cross-checking it against the authenticated actor. Any authenticated caller can therefore record an approval decision as having been made by a different user.
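The pattern described above, shown as an added TypeScript example that is not Paperclip's own code: an in-memory model of the resolution endpoint with the trusting handler beside a hardened one that derives attribution only from the server-side authentication context. All names here (`Approval`, `ApprovalRequest`, `resolveApprovalUnsafe`, `resolveApproval`, the sample users and approval id) are assumptions made for the illustration.

```typescript
// Added example, not code from the Paperclip project. Models the approval
// resolution handler in memory; the table, request shape and user ids are
// constructed for the illustration.

type Decision = "approved" | "rejected" | "revision_requested";

interface Approval {
  id: string;
  status: "pending" | Decision;
  decidedByUserId: string | null; // authoritative column: who made the decision
}

// What the server itself established about the caller (session / API token).
interface AuthContext {
  userId: string;
}

interface ApprovalRequest {
  auth: AuthContext | null;      // null = unauthenticated caller
  body: Record<string, unknown>; // untrusted JSON body
}

interface ApprovalResponse {
  status: number;
  approval?: Approval;
  error?: string;
}

// Constructed sample data: a single pending approval.
function makeTable(): Map<string, Approval> {
  const table = new Map<string, Approval>();
  table.set("apr-1", { id: "apr-1", status: "pending", decidedByUserId: null });
  return table;
}

// VULNERABLE pattern: the body's decidedByUserId is written verbatim, so the
// recorded decider is whatever the client claims, not the authenticated actor.
function resolveApprovalUnsafe(
  table: Map<string, Approval>, id: string, decision: Decision, req: ApprovalRequest,
): ApprovalResponse {
  const approval = table.get(id);
  if (!approval) return { status: 404, error: "not found" };
  approval.status = decision;
  approval.decidedByUserId = req.body.decidedByUserId as string; // client-controlled
  return { status: 200, approval };
}

// HARDENED pattern: attribution comes only from the server-side auth context.
// A body field that disagrees with the actor is rejected rather than silently
// overwritten, so a misbehaving client is visible in logs instead of hidden.
function resolveApproval(
  table: Map<string, Approval>, id: string, decision: Decision, req: ApprovalRequest,
): ApprovalResponse {
  if (!req.auth) return { status: 401, error: "authentication required" };
  const approval = table.get(id);
  if (!approval) return { status: 404, error: "not found" };
  if (approval.status !== "pending") return { status: 409, error: "already decided" };

  const actor = req.auth.userId;
  const claimed = req.body.decidedByUserId;
  if (claimed !== undefined && claimed !== actor) {
    return { status: 400, error: "decidedByUserId must match the authenticated user" };
  }
  approval.status = decision;
  approval.decidedByUserId = actor; // never the body value
  return { status: 200, approval };
}

// Same request (authenticated as user-alice, body claims user-bob) against both handlers.
function demo(): { unsafeRecordedAs: string | null; hardenedStatus: number; hardenedRecordedAs: string | null } {
  const spoofedBody: ApprovalRequest = {
    auth: { userId: "user-alice" },
    body: { decidedByUserId: "user-bob" },
  };
  const unsafeTable = makeTable();
  resolveApprovalUnsafe(unsafeTable, "apr-1", "approved", spoofedBody);

  const hardenedTable = makeTable();
  const hardened = resolveApproval(hardenedTable, "apr-1", "approved", spoofedBody);

  return {
    unsafeRecordedAs: unsafeTable.get("apr-1")!.decidedByUserId,   // "user-bob"
    hardenedStatus: hardened.status,                                 // 400
    hardenedRecordedAs: hardenedTable.get("apr-1")!.decidedByUserId, // null, still pending
  };
}

console.log(JSON.stringify(demo()));
```

The fix is deliberately a rejection (400) rather than a silent override: overriding would also be safe for the stored row, but rejecting makes a client that sends a foreign `decidedByUserId` show up as an error rather than disappearing into normal traffic. A real handler would additionally check that the actor is permitted to decide this particular approval; that authorization step is outside what this advisory describes and is not modelled here.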
Recommendation
Update the @paperclipai/server package to the latest compatible version. Version details:
- Affected version(s): < 2026.416.0
- Patched version(s): 2026.416.0
References
Related Issues
- Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath - Vulnerability
- Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys - Vulnerability
- Paperclip: OS Command Injection via Execution Workspace cleanupCommand - Vulnerability
- Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution - CVE-2026-41208
Tags: npm, @paperclipai/server
Last updated on April 16, 2026