Security is a priority. If you discover a vulnerability in the MSSQL MCP server, please report it privately so we can fix it quickly.

Send details to [email protected] with the subject line "Security Report". Include:

• A description of the issue and potential impact
• Steps or scripts to reproduce
• The commit hash or release version tested

Please do not open public GitHub issues for security findings. You’ll receive an acknowledgement within 2 business days and status updates until the fix ships.

We follow responsible disclosure practices. Once a fix is available, we’ll credit researchers in the release notes unless anonymity is requested.