Command Injection Affecting @paperclipai/server package, versions <2026.416.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-JS-PAPERCLIPAISERVER-16421517
- published5 May 2026
- disclosed16 Apr 2026
- creditYuval Elbar
Introduced: 16 Apr 2026
New CVE NOT AVAILABLE CWE-78 (opens in a new tab)How to fix?
Upgrade @paperclipai/server to version 2026.416.0 or higher.
Overview
Affected versions of this package are vulnerable to Command Injection via the cleanupCommand field in the PATCH /api/execution-workspaces/:id endpoint, which is stored and later executed by the server without input validation or sanitization. An attacker can execute arbitrary system commands with the privileges of the server process by supplying crafted input to this field, potentially leading to full system compromise, data exfiltration, or lateral movement within the environment.
Note: This is only exploitable if the deployment is in local_trusted mode (default for desktop installations, requiring zero authentication) or if any authenticated user has access in authenticated mode.