CVE-2026-23744P1CRITICALCVSS 9.8ExploitedPoCfixed in 1.4.3·≤ 1.4.22026-01-16
CVE-2026-23744 [CRITICAL] CWE-306 CVE-2026-23744: MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 12
ghsanvdosv