{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T06:05:29.984","vulnerabilities":[{"cve":{"id":"CVE-2026-23744","sourceIdentifier":"security-advisories@github.com","published":"2026-01-16T20:15:51.763","lastModified":"2026-03-13T14:19:59.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a crafted HTTP request that triggers the installation of an MCP server, leading to RCE. Since MCPJam inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request. Version 1.4.3 contains a patch."},{"lang":"es","value":"MCPJam inspector es la plataforma de desarrollo local-first para servidores MCP. Las versiones 1.4.2 y anteriores tienen una vulnerabilidad de ejecución remota de código (RCE), que permite a un atacante enviar una solicitud HTTP manipulada que desencadena la instalación de un servidor MCP, lo que lleva a un RCE. Dado que MCPJam inspector por defecto escucha en 0.0.0.0 en lugar de 127.0.0.1, un atacante puede provocar la RCE de forma remota a través de una simple solicitud HTTP. La versión 1.4.3 contiene un parche."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcpjam:inspector:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4.3","matchCriteriaId":"5D462285-6F2E-445A-B169-77B9CC71AD45"}]}]}],"references":[{"url":"https://github.com/MCPJam/inspector/commit/e6b9cf9d9e6c9cbec31493b1bdca3a1255fe3e7a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/MCPJam/inspector/security/advisories/GHSA-232v-j27c-5pp6","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}