Private path
Use the GitHub Security tab
Choose Report a vulnerability so the report can be handled privately first.
Security reporting
Use the private path for real vulnerabilities in MCP Preflight.
If you find a real security issue in MCP Preflight itself, do not post the details in a public GitHub issue.
Please include
Give enough detail to reproduce it quickly
- what you found
- which version you tested
- how to reproduce it
- any proof-of-concept material that will help confirm the issue quickly
Public paths