CVE Chain: CVE-2026–23744 (MCPJam RCE) → operator group → Docker escape
Recon
Open ports: 22, 80/443. Subdomains: mcp.kobold.htb (MCPJam Inspector 1.4.2), bin.kobold.htb (PrivateBin 2.0.2). Use -k flag with gobuster for HTTPS.
Full writeup — members only
The complete exploit chain, commands, and methodology are available to members on Buy Me a Coffee.
unlock on buy me a coffee€5 one-off · or monthly membership