Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email
- Severity:
- High
Description
A Paperclip-managed codex_local runtime was able to access and use a Gmail connector that I had connected in the ChatGPT/OpenAI apps UI, even though I had not explicitly connected Gmail inside Paperclip or separately inside Codex.
In my environment this enabled mailbox access and a real outbound email to be sent from my Gmail account.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 2026.403.0
References
Related Issues
- Paperclip: Malicious skills able to exfiltrate and destroy all user data - Vulnerability
- paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass - paperclipai - CVE-2026-41679
- CouchAuth has a Server-Side Template Injection vulnerability in its email functionality - CVE-2024-57177
- Gatsby develop server has Local File Inclusion vulnerability - CVE-2023-34238
You might also like:
- Tags:
- npm
- paperclipai
Anything's wrong? Let us know Last updated on April 16, 2026


