Share
## https://sploitus.com/exploit?id=E1418486-CD7F-5A52-8882-B3F2862C96EB
# exploit-CVE-2026-23744
MCPJam Inspector is a local-first development platform for MCP servers. In versions 1.4.2 (and earlier), a RCE flaw lets attackers send crafted HTTP request that installs an MCP server and runs code remotely, because the service listens on 0.0.0.0 (instead of 127.0.0.1) by default.

To run:
1. set corresponding ports and IP's
2. set up a listener on attacker machine e.g. "nc -lvnp 4444" (or any attacker port)
3. execute command "python3 run.py"