## https://sploitus.com/exploit?id=CC7CD69F-1974-569F-950F-4CDEA50F0227
# CVE-2026-23744
---
## Description
MCPJam inspector is a local-first development platform for MCP servers. The versions `<=1.4.2` are vulnerable to remote code execution vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. For details about the vulnerability, see references.
## Usage
### Requirement
```
$ pip install requests
```
### Proof-of-concept usage
```
$ python3 exploit.py [-h] [--lhost LHOST] [--lport LPORT] [--rhost RHOST] [--rport RPORT]
```
### Options
```
-h, --help show the help message and exit
--lhost LHOST local host IP
--lport LPORT local host port
--rhost RHOST remote IP
--rport RPORT remote port
```
## References
- [cve.org/CVERecord?id=CVE-2026-23744](cve.org/CVERecord?id=CVE-2026-23744)
- [github.com/advisories/GHSA-232v-j27c-5pp6](github.com/advisories/GHSA-232v-j27c-5pp6)