VDB
CVE-2026-23744
CVE-2026-23744
PUBLISHED
CVSS 9.800000190734863 CRITICAL
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.
EPSS 30.37% · 96.8th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
30.37%
96.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mcpjam | inspector | 0, 0 |
| mcpjam | inspector | 0, 0 |
| MCPJam | inspector | <= 1.4.2, <= 1.4.2 |
Exploit Intelligence
- Hack The Box - DevHub Machine Walkthrough (Medium Linux, CVE-2026-23744, Chisel Tunneling, Jupyter, Root Privilege Escalation) (github-poc-repo)
- Hack The Box - DevHub Machine Walkthrough (Medium Linux, CVE-2026-23744, Chisel Tunneling, Jupyter, Root Privilege Escalation) (github-poc-repo)
- Hack The Box - DevHub Machine Walkthrough (Medium Linux, CVE-2026-23744, Chisel Tunneling, Jupyter, Root Privilege Escalation) (github-poc-repo)
- Hack The Box - DevHub Machine Walkthrough (Medium Linux, CVE-2026-23744, Chisel Tunneling, Jupyter, Root Privilege Escalation) (github-poc-repo)
- Hack The Box - DevHub Machine Walkthrough (Medium Linux, CVE-2026-23744, Chisel Tunneling, Jupyter, Root Privilege Escalation) (github-poc-repo)
- Hack The Box - DevHub Machine Walkthrough (Medium Linux, CVE-2026-23744, Chisel Tunneling, Jupyter, Root Privilege Escalation) (github-poc-repo)
- Hack The Box - DevHub Machine Walkthrough (Medium Linux, CVE-2026-23744, Chisel Tunneling, Jupyter, Root Privilege Escalation) (github-poc-repo)
- Hack The Box - DevHub Machine Walkthrough (Medium Linux, CVE-2026-23744, Chisel Tunneling, Jupyter, Root Privilege Escalation) (github-poc-repo)
- Hack The Box - DevHub Machine Walkthrough (Medium Linux, CVE-2026-23744, Chisel Tunneling, Jupyter, Root Privilege Escalation) (github-poc-repo)
- Hack The Box - DevHub Machine Walkthrough (Medium Linux, CVE-2026-23744, Chisel Tunneling, Jupyter, Root Privilege Escalation) (github-poc)
…and 731 more exploits
Timeline
- Mar 9, 2023 CrowdSec Sighting
- May 30, 2024 CrowdSec Sighting
- May 31, 2024 CrowdSec Sighting
- Jul 31, 2024 CrowdSec Sighting
- Jun 19, 2025 CrowdSec Sighting
- Jan 11, 2026 CrowdSec Sighting
- Jan 16, 2026 CVE Published
- Jan 16, 2026 PoC Published
- Jan 16, 2026 PoC Published
- Jan 17, 2026 EPSS Score
- Jan 20, 2026 EPSS Score
- Jan 22, 2026 PoC Published