CVE-2026-23744

Severity: CRITICAL

CVSS v3: 9.8 (CRITICAL)

EPSS Score: 29.4% (exploit probability)

CISA KEV (known exploited): No

Exploitation

SSVC status

Description

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE): an attacker can send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Because MCPJam inspector listens on 0.0.0.0 by default instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

Technical Details

CVSS v3 Vector: 3.1

Published: 1/16/2026

Last Modified: 3/13/2026

Frequently Asked Questions

What is CVE-2026-23744?

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE): an attacker can send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Because MCPJam inspector listens on 0.0.0.0 by default instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.

Is CVE-2026-23744 actively exploited?

Active exploitation of CVE-2026-23744 has not been confirmed. The EPSS score is 29.4%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2026-23744?

CVE-2026-23744 has a CVSS v3 base score of 9.8 (CRITICAL severity), with vector string 3.1.
