Share
## https://sploitus.com/exploit?id=CC7CD69F-1974-569F-950F-4CDEA50F0227
# CVE-2026-23744
---

## Description

MCPJam inspector is a local-first development platform for MCP servers. The versions `<=1.4.2` are vulnerable to remote code execution vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. For details about the vulnerability, see references.

## Usage

### Requirement

```
$ pip install requests
```

### Proof-of-concept usage

```
$ python3 exploit.py [-h] [--lhost LHOST] [--lport LPORT] [--rhost RHOST] [--rport RPORT]
```

### Options

```
-h, --help     show the help message and exit
--lhost LHOST  local host IP
--lport LPORT  local host port
--rhost RHOST  remote IP
--rport RPORT  remote port
```

## References

- [cve.org/CVERecord?id=CVE-2026-23744](cve.org/CVERecord?id=CVE-2026-23744)
- [github.com/advisories/GHSA-232v-j27c-5pp6](github.com/advisories/GHSA-232v-j27c-5pp6)