If you discover a security vulnerability in COR MCP Server, please report it privately by opening a GitHub Issue without disclosing the vulnerability publicly, or by reaching out to the maintainer directly.
Do not disclose the vulnerability publicly until it has been addressed.
- The COR MCP Server codebase
- Authentication and credential handling
- API communication with Project COR
- Description of the vulnerability
- Steps to reproduce (if safe to share)
- Potential impact
- Suggested fix (optional)