| Version | Supported |
|---|---|
| 0.0.x | ✅ |

If you discover a security vulnerability in Cortex, please report it responsibly.
- Do NOT open a public GitHub issue for security vulnerabilities.
- Email your report to: me@darshanchheda.com
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: Within 48 hours of your report
- Assessment: Within 7 days, we will assess the severity and impact
- Fix timeline: Critical vulnerabilities will be patched within 14 days
- Disclosure: We follow coordinated disclosure. We will work with you on timing.

The following are in scope for security reports:
- Remote code execution via MCP tool calls
- SQL injection in graph queries
- Path traversal in file operations
- Information disclosure of sensitive file contents
- Denial of service via resource exhaustion
- Authentication/authorization bypass (if applicable)

The following are out of scope:
- Vulnerabilities in dependencies (report to upstream maintainers)
- Issues requiring physical access to the machine
- Social engineering attacks
- Denial of service via legitimate heavy usage

Cortex is designed with the following security principles:
- Local-only by default: MCP communication is via stdio; no network ports are opened unless explicitly requested
- Read-only graph access: MCP queries use read-only database connections
- No code execution: Cortex never executes code from indexed repositories
- No secrets in logs: Tracing never logs file contents, observation text, or source code
- Input sanitization: All FTS5 queries are sanitized to prevent injection
- Air-gap compatible: All features work without network access (except OSV.dev checks)
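
The read-only access and FTS5 sanitization principles above can be checked together against SQLite. The following is an added example, not Cortex's own code: the `docs` table, its rows and all function names are constructed for illustration, and quoting each term as an FTS5 string literal is one sanitization approach, assumed here rather than taken from the project.

```python
import os
import re
import sqlite3
import tempfile

def sanitize_fts5(text):
    """Reduce free text to double-quoted FTS5 string literals (implicit AND).

    Quoted terms are never parsed as operators (NOT, OR, NEAR), column
    filters or prefix markers, and an unbalanced quote cannot survive.
    """
    terms = re.findall(r"[A-Za-z0-9]+", text)
    return " ".join(f'"{t}"' for t in terms)

def build_index(path):
    """Writer side: create a small constructed index (hypothetical schema)."""
    con = sqlite3.connect(path)
    con.execute("CREATE VIRTUAL TABLE docs USING fts5(path, body)")
    con.executemany("INSERT INTO docs VALUES (?, ?)", [
        ("a.md", "token was not revoked"),
        ("b.md", "token issued"),
    ])
    con.commit()
    con.close()

def open_readonly(path):
    """Query side: mode=ro makes SQLite itself reject any write."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def search(con, text, sanitize=True):
    """Run a bound-parameter MATCH; an empty sanitized query returns nothing."""
    query = sanitize_fts5(text) if sanitize else text
    if not query:
        return []
    sql = "SELECT path FROM docs WHERE docs MATCH ? ORDER BY path"
    return [row[0] for row in con.execute(sql, (query,))]

def write_is_blocked(con):
    """True when the connection refuses a write, as a read-only one must."""
    try:
        con.execute("DELETE FROM docs")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = os.path.join(tempfile.mkdtemp(), "index.db")
    build_index(db)
    ro = open_readonly(db)
    print(search(ro, "token NOT revoked", sanitize=False))
    print(search(ro, "token NOT revoked"))
    print(write_is_blocked(ro))
```

Binding the MATCH argument as a parameter keeps it out of the SQL text, but FTS5 still parses it with its own query grammar, which is why the term quoting is needed in addition.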