If you discover a security issue, please report it responsibly.

Email: [email protected]

Please include:

• Description of the issue
• Steps to reproduce
• Affected version(s)
• Any potential impact

We will acknowledge receipt within 48 hours and aim to provide an initial assessment within 7 days.

The following are in scope:

• McpMux desktop application
• McpMux gateway (localhost:45818)
• Credential storage and encryption
• OAuth token handling
• Access key authentication

• Please give us reasonable time to address the issue before public disclosure
• We appreciate detailed reports with clear reproduction steps
• We will credit reporters (unless you prefer to remain anonymous)