Description

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

INFO

Published Date :

2026-01-16T20:10:37.458Z

Last Modified :

2026-01-16T21:15:53.738Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23744 vulnerability.

Vendors Products
Mcpjam
  • Inspector
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23744.

URL Resource
https://github.com/MCPJam/inspector/commit/e6b9cf9d9e6c9cbec31493b1bdca3a1255fe3e7a cve-icon cve-icon
https://github.com/MCPJam/inspector/security/advisories/GHSA-232v-j27c-5pp6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact