CVE-2026-23744
CRITICAL · EXPLOITED · NUCLEI
MCPJam inspector < 1.4.3 - Remote Code Execution via HTTP Request
Title source: llm
Exploitation Summary
CVE-2026-23744 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 37 public exploits from researchers including ctzisme, boroeurnprach, kennedy-aikohi. A Nuclei detection template is also available.
Description
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE): an attacker can send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Because MCPJam inspector listens on 0.0.0.0 by default instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch.
Exploits (37)
This repository contains a functional Python exploit for CVE-2026-23744, which targets an RCE vulnerability in MCPJam inspector versions <= 1.4.2 via a crafted HTTP request to the /api/mcp/connect endpoint. The exploit sends a reverse shell payload to the target, demonstrating the vulnerability.
This repository contains a functional proof-of-concept exploit for CVE-2026-23744, targeting MCPJam inspector versions <= 1.4.2. The exploit sends a crafted HTTP request to trigger remote code execution by leveraging the vulnerable API endpoint `/api/mcp/connect`.
This repository contains a functional, bounded proof-of-concept validator for CVE-2026-23744, an unauthenticated remote command execution vulnerability in MCPJam Inspector. The tool executes a fixed evidence command to confirm vulnerability without providing a general-purpose exploit framework.
The repository contains a functional Python script that exploits CVE-2026-23744 by sending a crafted JSON payload to the /api/mcp/connect endpoint, achieving Remote Code Execution (RCE) via command injection. The README provides a technical analysis of the vulnerability, including root cause details and exploitation mechanics.
The repository contains a functional Python exploit for CVE-2026-23744, targeting an RCE vulnerability in mcpJam v1.4.2 via the `/api/mcp/connect` endpoint. It uses Base64 encoding to bypass input validation and executes arbitrary commands through `/bin/bash`.
This repository contains a functional Python exploit for CVE-2026-23744, targeting an RCE vulnerability in the MCP (Model Context Protocol) service via the /api/mcp/connect endpoint. The exploit sends a crafted JSON payload to execute arbitrary commands (e.g., a reverse shell) on the target system.
This exploit targets CVE-2026-23744 by sending a crafted POST request to the '/api/mcp/connect' endpoint with a payload that executes a reverse shell via 'busybox nc'. The payload includes a command injection to establish a connection to an attacker-controlled IP and port.
This repository contains a functional exploit for CVE-2026-23744, an unauthenticated remote code execution vulnerability in MCPJam MCP Proxy Inspector versions <= 1.4.2. The exploit leverages command injection via the `/api/mcp/connect` endpoint to spawn a reverse shell.
The repository contains only a minimal README with no exploit code, technical details, or functional proof-of-concept. It is a placeholder with no substantive content.
This repository contains a functional Python-based exploit for CVE-2026-23744, targeting MCPJam Inspector <= 1.4.2. The exploit leverages a command injection vulnerability in the `/api/mcp/connect` endpoint to achieve remote code execution via a reverse shell.
The repository contains a functional Python exploit for CVE-2026-23744, targeting an RCE vulnerability in MCPJam Inspector versions <= 1.4.2. The exploit sends a crafted HTTP request to trigger command execution via the `/api/mcp/connect` endpoint.
This repository contains a functional Python exploit for CVE-2026-23744, targeting an unauthenticated RCE vulnerability in MCPJam Inspector v1.4.2 via the `/api/mcp/connect` endpoint. The exploit sends a crafted JSON payload to execute a reverse shell command.
This repository contains a functional Python exploit for CVE-2026-23744, targeting MCPJam Inspector 1.4.2. The exploit sends a crafted JSON payload to the `/api/mcp/connect` endpoint, triggering remote code execution via a reverse shell.
This repository contains a functional exploit PoC for CVE-2026-23744, which leverages a command injection vulnerability in a Node.js-based API endpoint to achieve remote code execution (RCE). The exploit sends a crafted payload via a POST request to spawn a reverse shell.
The repository contains a functional Python exploit for CVE-2026-23744, targeting MCPJam Inspector <= 1.4.2. It exploits an unauthenticated RCE vulnerability via the `/api/mcp/connect` endpoint by sending a crafted JSON payload with reverse shell commands.
The repository contains a functional Python exploit for CVE-2026-23744, targeting an RCE vulnerability in MCPJam Inspector <= 1.4.2 via unsanitized input in the /api/mcp/connect endpoint. The exploit sends a crafted POST request with a reverse shell payload to achieve arbitrary command execution.
The repository contains a functional exploit for CVE-2026-23744, targeting an unauthenticated RCE vulnerability in MCPJam Inspector <= 1.4.2. The exploit sends a crafted JSON payload to /api/mcp/connect, which spawns a reverse shell via child_process.spawn. It includes a vulnerability check and supports both HTTP and HTTPS.
The repository contains a functional Python script that exploits CVE-2026-23744 by sending a crafted POST request to the target's `/api/mcp/connect` endpoint, executing a reverse shell via `busybox nc`. The exploit leverages command injection through the `serverConfig` JSON payload.
This repository contains a functional exploit for CVE-2026-23744, targeting a remote command execution (RCE) vulnerability in a service running on port 6274. The exploit sends a crafted JSON payload to the '/api/mcp/connect' endpoint, allowing arbitrary command execution, including reverse shell payloads.
The repository contains a functional Python exploit for CVE-2026-23744, targeting an HTTP endpoint in MCPJam inspector. The exploit sends a crafted JSON payload to execute arbitrary commands via the `/api/mcp/connect` endpoint.
This repository provides a detailed technical walkthrough of exploiting CVE-2026-23744 for unauthenticated RCE in MCPJam Inspector, followed by LFI in PrivateBin and Docker group privilege escalation to achieve root access. It includes step-by-step commands, attack chain analysis, and technical insights.
The repository contains a functional Python exploit for CVE-2026-23744, targeting MCPJam Inspector versions 1.4.2 and earlier. The exploit sends a crafted HTTP POST request to the '/api/mcp/connect' endpoint, allowing remote command execution due to the service listening on 0.0.0.0 instead of 127.0.0.1.
The repository contains a functional Python exploit for CVE-2026-23744, demonstrating unauthenticated remote code execution (RCE) via command injection in the `/api/mcp/connect` endpoint. The exploit sends a crafted JSON payload to execute a reverse shell, with clear instructions and technical details provided in the README.
This repository contains a functional exploit for CVE-2026-23744, targeting MCPJam Inspector <= 1.4.2. The exploit leverages unauthenticated RCE via the `/api/mcp/connect` endpoint and escalates privileges via Docker socket abuse to achieve a root reverse shell.
This repository contains a functional exploit for CVE-2026-23744, targeting MCPJam Inspector <= 1.4.2. The exploit leverages unauthenticated RCE via the `/api/mcp/connect` endpoint and escalates privileges using Docker socket abuse to achieve a root reverse shell.
This repository contains a functional Python exploit for CVE-2026-23744, an unauthenticated RCE vulnerability in MCP servers via the `/api/mcp/connect` endpoint. The exploit sends a crafted JSON payload to execute arbitrary commands without authentication.
The repository contains a functional Python exploit for CVE-2026-23744, targeting MCPJam Inspector <=1.4.2. The exploit sends a crafted JSON payload to the /api/mcp/connect endpoint, triggering a reverse shell via a command injection vulnerability.
This repository contains a functional exploit for CVE-2026-23744, which abuses an unauthenticated command injection vulnerability in MCPJam Inspector's /api/mcp/connect endpoint. The exploit sends a crafted JSON payload to execute arbitrary system commands via the 'command' and 'args' fields, demonstrating blind RCE.
The repository contains a functional Python script that exploits CVE-2026-23744, a remote code execution (RCE) vulnerability in MCPJam inspector versions 1.4.2 and earlier. The exploit sends a crafted HTTP request to trigger the installation of an MCP server, leading to RCE via a reverse shell.
The repository contains a functional exploit for CVE-2026-23744, targeting an unauthenticated RCE vulnerability in MCPJam Inspector <= 1.4.2 via a crafted JSON payload to the /api/mcp/connect endpoint. The exploit establishes a reverse shell using bash.
The repository contains a functional exploit for CVE-2026-23744, targeting MCPJam Inspector with an unauthenticated RCE via crafted POST requests to `/api/mcp/connect`. It includes a detailed writeup and a Python script demonstrating the vulnerability.
This repository contains a functional Python exploit for CVE-2026-23744, targeting MCPJam Inspector <=1.4.2. The exploit sends a crafted JSON payload to the target's API endpoint, executing a reverse shell or a test command via base64-encoded bash commands.
The repository contains a functional Python script that exploits CVE-2026-23744, an RCE vulnerability in MCPJam Inspector. The exploit sends a crafted JSON payload to the target's API endpoint, triggering a reverse shell to the attacker's specified IP and port.
The repository contains a functional Python exploit for CVE-2026-23744, an unauthenticated RCE vulnerability in MCPJam Inspector <= 1.4.2. The exploit sends a crafted POST request to the `/api/mcp/connect` endpoint with a malicious `serverConfig` payload to execute arbitrary commands.
This repository contains a functional Python exploit for CVE-2026-23744, targeting an MCP API endpoint (`/api/mcp/connect`) to achieve remote command execution via a reverse shell payload. The exploit sends a crafted JSON payload with a command injection vector, leveraging `busybox nc` for shell connectivity.
The repository contains a functional exploit for CVE-2026-23744, targeting MCPJam inspector <= 1.4.2. The exploit sends a crafted HTTP POST request to the `/api/mcp/connect` endpoint, triggering remote code execution via a reverse shell payload using `busybox` and `nc`.
This repository provides a Docker-based lab environment to demonstrate CVE-2026-23744, a vulnerability in MCPJam Inspector where the vulnerable version (1.4.2) listens on all interfaces (0.0.0.0:6274), allowing remote exploitation, while the patched version (1.4.3) binds to loopback (127.0.0.1:6274). The included Python exploit script (`exploit.py`) sends a crafted POST request to the `/api/mcp/connect` endpoint to achieve remote command execution (RCE).
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H