CVE-2026-23744 Scanner

MCPJam Inspector is a development platform designed for local-first deployment of MCP servers, primarily used by developers to streamline MCP server management. It provides a set of tools and services to facilitate efficient server operations and testing during the development process. The platform is widely utilized in environments where MCP servers are prevalent and is considered an essential tool for development teams aiming to maintain a smooth and controlled MCP ecosystem. It caters to a range of development activities, including local server setups and facilitating seamless transitions between testing and production environments. By automating several development tasks, MCPJam Inspector aims to improve productivity and reduce manual server configuration requirements.

The Remote Code Execution vulnerability in MCPJam Inspector 1.4.2 and earlier poses a severe threat, as it allows attackers to execute arbitrary system commands on the affected host. This vulnerability is rooted in the insecure handling of specially crafted HTTP requests, which can be used to exploit the /api/mcp/connect endpoint. As a critical vulnerability with a high CVSS score, it presents a serious risk to MCPJam server environments if not addressed promptly. The nature of RCE means that attackers could potentially gain full control over the targeted system, leading to further exploitation or disruption. The widespread impact of this vulnerability highlights the necessity for urgent remediation measures to ensure server safety and security.

Technically, the RCE vulnerability can be triggered by sending a crafted HTTP POST request to the /api/mcp/connect endpoint. The request manipulates server configuration parameters, particularly concerning command execution capabilities. With parameters like "command" and "args," an attacker can remotely execute commands such as "curl," exploiting the server's handling of interactive protocols. The vulnerability's detection relies on specific errors in the server's HTTP responses that indicate failed connections and MCP errors. Matching these conditions confirms the ability for remote code execution to occur, necessitating immediate attention to patch affected systems and restrict vulnerable endpoints.

Exploitation of this RCE vulnerability can lead to significant system compromise, including unauthorized access to sensitive data, disruption of server operations, or even leveraging the compromised server for further network attacks. Additionally, full remote control of the MCP server could result in unauthorized installations or modifications, posing severe risk to data integrity and server stability. Such actions can undermine trust in the development environment, potentially leading to financial and reputational damage. Therefore, mitigating this vulnerability is crucial to maintaining secure and reliable server infrastructure.

REFERENCES

• https://github.com/MCPJam/inspector/security/advisories/GHSA-232v-j27c-5pp6
• https://github.com/advisories/GHSA-232v-j27c-5pp6
• https://nvd.nist.gov/vuln/detail/CVE-2026-23744