top of page
perceptive_background_267k.jpg

MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability…

Published:

15 January 2026 at 23:00:00

Alert date:

16 January 2026 at 21:01:29

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Security Tools

MCPJam inspector versions 1.4.2 and earlier contain a remote code execution vulnerability that allows attackers to send crafted HTTP requests triggering MCP server installation leading to RCE. The vulnerability is particularly dangerous because MCPJam inspector defaults to listening on 0.0.0.0 instead of 127.0.0.1, enabling remote exploitation via simple HTTP requests. This affects the local-first development platform for MCP servers and can be exploited without authentication.

Technical details

Mitigation steps:

Affected products:

MCPJam inspector

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-23744
https://github.com/MCPJam/inspector/security/advisories/GHSA-232v-j27c-5pp6

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page