## https://sploitus.com/exploit?id=C38CCF85-8514-59A1-A7BA-090EC4E421AC
# CVE-2026-23744-MCPJAM-RCE-exploit
This Python proof-of-concept targets a vulnerable MCP (Model Context Protocol) service exposed by the target application. The vulnerability allows an attacker to supply arbitrary server configuration parameters through the /api/mcp/connect endpoint.

## Affected Endpoint

`POST /api/mcp/connect`

## Tools and Technologies Used

- Python 3
- requests library
- HTTP/JSON API communication
- MCP service interface

## Execution

Install dependencies:

```
pip install requests
```

Run the proof of concept:

```
python exploit.py
```

## Proof-of-Concept Workflow

1. Define the target MCP endpoint.
2. Construct a malicious serverConfig object.
3. Send a POST request to /api/mcp/connect.
4. Trigger execution of the supplied command on the target.
5. Display the server response.
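
For defenders, the workflow above leaves one reliable trace: a POST to `/api/mcp/connect`. The following is an added example, not part of this repository's code, that scans access-log lines for such requests from non-loopback clients. It assumes a reverse proxy or web server in front of the service writes Combined Log Format, and that the service is only expected to be reached from the local machine; the sample lines are constructed.

```python
import ipaddress
import re

# Combined Log Format prefix: client, identity, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
CONNECT_PATH = "/api/mcp/connect"  # endpoint named on this page


def is_local(client: str) -> bool:
    """True only for loopback addresses; unparseable clients count as remote."""
    try:
        return ipaddress.ip_address(client).is_loopback
    except ValueError:
        return False


def find_remote_connects(lines):
    """Return (time, client, status) for each non-loopback POST to the connect endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string and any trailing slash before comparing paths.
        path = m["target"].split("?", 1)[0].rstrip("/")
        if path == CONNECT_PATH and not is_local(m["client"]):
            hits.append((m["time"], m["client"], int(m["status"])))
    return hits


# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '127.0.0.1 - - [12/Jan/2026:10:01:02 +0000] "POST /api/mcp/connect HTTP/1.1" 200 312',
    '203.0.113.7 - - [12/Jan/2026:10:04:41 +0000] "POST /api/mcp/connect HTTP/1.1" 200 298',
    '203.0.113.7 - - [12/Jan/2026:10:04:43 +0000] "GET / HTTP/1.1" 200 90',
    '198.51.100.23 - - [12/Jan/2026:10:09:15 +0000] "POST /api/mcp/connect/?x=1 HTTP/1.1" 500 41',
    '::1 - - [12/Jan/2026:10:11:00 +0000] "POST /api/mcp/connect HTTP/1.1" 200 305',
]

if __name__ == "__main__":
    for when, client, status in find_remote_connects(SAMPLE_LOG):
        print(f"{when}  {client}  status={status}  POST {CONNECT_PATH}")
```

A hit only shows that the endpoint was reached from another host; correlate it with process-creation telemetry on the server before drawing conclusions.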