GitLab Advisory — MCPJam Inspector RCE (CVE-2026-23744)
AI relevance: MCPJam Inspector is used to develop and test MCP tool servers; RCE lets attackers subvert agent toolchains and the local tool registry.
- CVE-2026-23744 impacts
@mcpjam/inspectorversions ≤ 1.4.2. - An unauthenticated HTTP endpoint can be abused to install an MCP server, leading to remote code execution.
- The issue is remote and no-click because Inspector listens on 0.0.0.0 by default.
- NVD notes the fix in v1.4.3 and classifies it under missing auth for a critical function (CWE-306).
- The GitHub advisory and fix commit document the remediation.
Security impact
RCE in an MCP inspector means a tool designed to analyze agents becomes an attack vector against them. In real deployments, inspectors are often privileged — they need access to prompts, tool traces, and internal artifacts. If compromised, they can leak or tamper with those traces, altering the agent’s decision chain or exfiltrating sensitive data at scale.
Inspectors are frequently integrated into the dev pipeline to debug agent behavior. That makes them a bridge between production traffic and developer machines, which is a prime target for adversaries. A successful exploit can move laterally into developer environments and CI pipelines, turning a diagnostics component into a supply-chain foothold.
Mitigation strategy
Upgrade immediately and isolate inspector services from production networks. Use dedicated service accounts with least privilege and block direct access from the Internet. Treat telemetry tools as privileged systems: monitor them, log access, and rotate credentials regularly.
Why it matters
- Inspector environments are often used by engineers to test agent tools, so RCE can poison local toolchains and dev credentials.
- Attackers could insert malicious MCP servers that exfiltrate data or tamper with tool outputs.
- Default 0.0.0.0 exposure makes this exploitable on developer networks and shared hosts.
What to do
- Upgrade: Move to
@mcpjam/inspectorv1.4.3+. - Bind locally: Ensure Inspector listens on
127.0.0.1unless you explicitly need remote access. - Audit MCP installs: Review installed servers for unexpected changes or new packages.