Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys
- Severity: High
Description
Test environment: an isolated Paperclip instance running in authenticated mode (the default configuration) on a clean Docker image matching commit b649bd4 (2026.411.0-canary.8, after the 2026.410.0 patch).
Recommendation
Update the @paperclipai/server package to the latest compatible version. Version details:
- Affected version(s): < 2026.416.0
- Patched version(s): 2026.416.0
References
Related Issues
- Paperclip: Cross-tenant agent API key IDOR in `/agents/:id/keys` routes allows full victim-company compromise - Vulnerability
- Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode - Vulnerability
- Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution - CVE-2026-41208
- Paperclip: Approval decision attribution spoofing via client-controlled `decidedByUserId` in paperclip server - Vulnerability
Tags:
- npm
- @paperclipai/server
Last updated on April 16, 2026