CVE-2026-23744

This repository contains a functional Python exploit for CVE-2026-23744, which targets an RCE vulnerability in MCPJam inspector versions <= 1.4.2 via a crafted HTTP request to the /api/mcp/connect endpoint. The exploit sends a reverse shell payload to the target, demonstrating the vulnerability.

This repository contains a functional proof-of-concept exploit for CVE-2026-23744, targeting MCPJam inspector versions <= 1.4.2. The exploit sends a crafted HTTP request to trigger remote code execution by leveraging the vulnerable API endpoint `/api/mcp/connect`.

The repository contains a functional Python exploit for CVE-2026-23744, targeting MCPJam Inspector versions 1.4.2 and earlier. The exploit sends a crafted HTTP POST request to the '/api/mcp/connect' endpoint, allowing remote command execution due to the service listening on 0.0.0.0 instead of 127.0.0.1.

The repository contains a functional Python exploit for CVE-2026-23744, demonstrating unauthenticated remote code execution (RCE) via command injection in the `/api/mcp/connect` endpoint. The exploit sends a crafted JSON payload to execute a reverse shell, with clear instructions and technical details provided in the README.

This repository contains a functional exploit for CVE-2026-23744, targeting MCPJam Inspector <= 1.4.2. The exploit leverages unauthenticated RCE via the `/api/mcp/connect` endpoint and escalates privileges via Docker socket abuse to achieve a root reverse shell.

This repository contains a functional exploit for CVE-2026-23744, targeting MCPJam Inspector <= 1.4.2. The exploit leverages unauthenticated RCE via the `/api/mcp/connect` endpoint and escalates privileges using Docker socket abuse to achieve a root reverse shell.

This repository contains a functional Python exploit for CVE-2026-23744, an unauthenticated RCE vulnerability in MCP servers via the `/api/mcp/connect` endpoint. The exploit sends a crafted JSON payload to execute arbitrary commands without authentication.

The repository contains a functional Python exploit for CVE-2026-23744, targeting MCPJam Inspector <=1.4.2. The exploit sends a crafted JSON payload to the /api/mcp/connect endpoint, triggering a reverse shell via a command injection vulnerability.

This repository contains a functional exploit for CVE-2026-23744, which abuses an unauthenticated command injection vulnerability in MCPJam Inspector's /api/mcp/connect endpoint. The exploit sends a crafted JSON payload to execute arbitrary system commands via the 'command' and 'args' fields, demonstrating blind RCE.

The repository contains a functional Python script that exploits CVE-2026-23744, a remote code execution (RCE) vulnerability in MCPJam inspector versions 1.4.2 and earlier. The exploit sends a crafted HTTP request to trigger the installation of an MCP server, leading to RCE via a reverse shell.

The repository contains a functional exploit for CVE-2026-23744, targeting an unauthenticated RCE vulnerability in MCPJam Inspector <= 1.4.2 via a crafted JSON payload to the /api/mcp/connect endpoint. The exploit establishes a reverse shell using bash.

The repository contains a functional exploit for CVE-2026-23744, targeting MCPJam Inspector with an unauthenticated RCE via crafted POST requests to `/api/mcp/connect`. It includes a detailed writeup and a Python script demonstrating the vulnerability.

This repository contains a functional Python exploit for CVE-2026-23744, targeting MCPJam Inspector <=1.4.2. The exploit sends a crafted JSON payload to the target's API endpoint, executing a reverse shell or a test command via base64-encoded bash commands.

The repository contains a functional Python script that exploits CVE-2026-23744, an RCE vulnerability in MCPJam Inspector. The exploit sends a crafted JSON payload to the target's API endpoint, triggering a reverse shell to the attacker's specified IP and port.

The repository contains a functional Python exploit for CVE-2026-23744, an unauthenticated RCE vulnerability in MCPJam Inspector <= 1.4.2. The exploit sends a crafted POST request to the `/api/mcp/connect` endpoint with a malicious `serverConfig` payload to execute arbitrary commands.

This repository contains a functional Python exploit for CVE-2026-23744, targeting an MCP API endpoint (`/api/mcp/connect`) to achieve remote command execution via a reverse shell payload. The exploit sends a crafted JSON payload with a command injection vector, leveraging `busybox nc` for shell connectivity.

The repository contains a functional exploit for CVE-2026-23744, targeting MCPJam inspector <= 1.4.2. The exploit sends a crafted HTTP POST request to the `/api/mcp/connect` endpoint, triggering remote code execution via a reverse shell payload using `busybox` and `nc`.

This repository provides a Docker-based lab environment to demonstrate CVE-2026-23744, a vulnerability in MCPJam Inspector where the vulnerable version (1.4.2) listens on all interfaces (0.0.0.0:6274), allowing remote exploitation, while the patched version (1.4.3) binds to loopback (127.0.0.1:6274). The included Python exploit script (`exploit.py`) sends a crafted POST request to the `/api/mcp/connect` endpoint to achieve remote command execution (RCE).