Hub WAF rule

More info

vpatch-CVE-2026-23744 WAF Rule

« MCPJam Inspector - RCE »
v0.1 by crowdsecurity
WAF rule

Detects RCE in MCPJam Inspector via crafted POST to /api/mcp/connect

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2026-23744

YAML Configuration

1## autogenerated on 2026-02-18 14:26:13
2name: crowdsecurity/vpatch-CVE-2026-23744
3description: 'Detects RCE in MCPJam Inspector via crafted POST to /api/mcp/connect'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10        match:
11          type: equals
12          value: /api/mcp/connect
13      - zones:
14          - BODY_ARGS
15        variables:
16          - json.serverconfig.command
17        transform:
18          - lowercase
19        match:
20          type: regex
21          value: ".+"
22
23labels:
24  type: exploit
25  service: http
26  confidence: 3
27  spoofable: 0
28  behavior: 'http:exploit'
29  label: 'MCPJam Inspector - RCE'
30  classification:
31    - cve.CVE-2026-23744
32    - attack.T1190
33    - cwe.CWE-306
34

Hub WAF rule

« MCPJam Inspector - RCE »v0.1 by crowdsecurityWAF rule

« MCPJam Inspector - RCE »
v0.1 by crowdsecurity
WAF rule