Do not open a public GitHub issue for security vulnerabilities.

Preferred: use GitHub's private vulnerability reporting ("Report a vulnerability" under the repository Security tab). This keeps the report private and lets us collaborate on a fix and coordinated disclosure in one place.

Alternatively, email: security@openral.dev

Include:

• Description of the vulnerability.
• Steps to reproduce.
• Potential impact.
• Any suggested fix.

We will respond within 48 hours and work with you on coordinated disclosure.

For issues involving physical safety of robots or people (E-stop bypass, actuation path bugs, safety kernel defects), email security@openral.dev with "[safety]" in the subject line before using the Safety issue template. These are treated as highest priority.