CVE-2026-23744 · CRITICAL 9.8 · EPSS p98.3%

Description

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE): an attacker can send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Because MCPJam inspector listens on 0.0.0.0 by default instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 36.13% probability of exploitation · percentile 98.3% · 2026-06-18T12:00:27Z
Published: 2026-01-16
Last modified: 2026-03-13

Underlying weaknesses · 1

CWE-306

References

  1. https://github.com/MCPJam/inspector/commit/e6b9cf9d9e6c9cbec31493b1bdca3a1255fe3e7a
  2. https://github.com/MCPJam/inspector/security/advisories/GHSA-232v-j27c-5pp6

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Missing Authentication for Critical Function (cwe-306) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-30624
  2. CVE-2026-34742
  3. CVE-2025-6514
  4. CVE-2025-61492
  5. CVE-2025-54424
  6. CVE-2025-66401

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.