MCPJam Inspector RCE (CVE-2026-23744)

Also known as: MCPJam Inspector Unauthenticated RCE

Severity: Critical. Published: February 1, 2026. Source: GitLab Advisory. Identifier: CVE-2026-23744.

Overview

MCPJam inspector (versions <= 1.4.2) listens on 0.0.0.0 by default and requires no authentication on its server management endpoint. A crafted HTTP request can install an MCP server and execute arbitrary code on the host. No user interaction is required. CVSS score: 9.8.

Who Is Affected

Reported via GitLab security advisory. Affects developers using the MCPJam inspector tool for debugging and testing MCP servers.

Where It Exists

The vulnerability is in the MCPJam inspector's HTTP server, which binds to 0.0.0.0 (all network interfaces) by default and lacks authentication on its server management endpoint.

When It Was Found

Disclosed February 2026. Affects versions <= 1.4.2. Fixed in v1.4.3.

How It Works

The MCPJam inspector binds to 0.0.0.0, making it accessible from any network the host is connected to. Its server management endpoint accepts unauthenticated requests to install and configure MCP servers. An attacker on the same network (or from the internet if the host has a public IP) can send a crafted HTTP request that installs a malicious MCP server, which then executes arbitrary code.

Impact

Unauthenticated remote code execution from the network. Any developer running MCPJam inspector is exposing a zero-auth RCE endpoint on all network interfaces. In shared networks (offices, coffee shops, co-working spaces), any nearby attacker can compromise the developer's machine.

Mitigation

Update to MCPJam inspector v1.4.3 or later. Bind to 127.0.0.1 instead of 0.0.0.0. Add authentication to all management endpoints. Use network firewalls to restrict access to development tool ports. Never run development tools with network exposure on untrusted networks.
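A simple way to confirm that a development tool is no longer exposed on every interface is to check the host's listening sockets for wildcard binds. The following script is an added example, not code from the MCPJam project: it parses `ss -ltnp` style output and flags listeners on 0.0.0.0, `*` or `[::]`. The sample output, the process name "node" and all port numbers are constructed assumptions; the advisory does not state the port the inspector uses.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of `ss -ltnp` output, not captured from a real host.
# Process names and ports are illustrative assumptions only.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       511     0.0.0.0:6274        0.0.0.0:*          users:(("node",pid=4242,fd=21))
LISTEN  0       511     127.0.0.1:5173      0.0.0.0:*          users:(("node",pid=4243,fd=19))
LISTEN  0       128     [::]:22             [::]:*             users:(("sshd",pid=801,fd=3))
LISTEN  0       4096    *:8080              *:*                users:(("python3",pid=999,fd=5))
"""

# Local addresses that mean "every interface" in ss/netstat output.
WILDCARD_ADDRS = {"0.0.0.0", "*", "::", "[::]"}

LINE_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s*(?P<proc>.*)$")
PROC_RE = re.compile(r'"([^"]+)",pid=(\d+)')


def is_wildcard(addr: str) -> bool:
    """True when the local address binds all interfaces rather than loopback only."""
    return addr in WILDCARD_ADDRS


def parse_listeners(ss_output: str) -> List[Dict]:
    """Parse the LISTEN rows of `ss -ltnp` output into dicts (addr, port, proc, pid)."""
    rows = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header line or a row we do not understand
        p = PROC_RE.search(m.group("proc"))
        rows.append({
            "addr": m.group("addr"),
            "port": int(m.group("port")),
            "proc": p.group(1) if p else None,
            "pid": int(p.group(2)) if p else None,
        })
    return rows


def exposed_listeners(ss_output: str, proc_pattern: Optional[str] = None) -> List[Dict]:
    """Return listeners bound to a wildcard address, optionally filtered by process name."""
    rows = [r for r in parse_listeners(ss_output) if is_wildcard(r["addr"])]
    if proc_pattern:
        rx = re.compile(proc_pattern)
        rows = [r for r in rows if r["proc"] and rx.search(r["proc"])]
    return rows


if __name__ == "__main__":
    # On a live host, pass subprocess.check_output(["ss", "-ltnp"], text=True) instead.
    for r in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED {r['proc']} (pid {r['pid']}) listens on {r['addr']}:{r['port']}")
```

Anything the script reports for the inspector's process after the upgrade means the bind is still on all interfaces and the 127.0.0.1 or firewall mitigation above has not taken effect.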

References