If you discover a security vulnerability in midnight-wallet-cli, please report it by opening an issue with the security label.

• CLI version (midnight --version)
• Description of the vulnerability
• Steps to reproduce
• Potential impact

The following are in scope:

• CLI wallet — key handling, seed storage, transaction signing
• MCP server — tool execution, data exposure
• Network communication — WebSocket connections, RPC calls

• Issues specific to the Midnight blockchain protocol itself
• Local devnet (undeployed network) configuration issues
• Cosmetic or UX bugs (use a regular bug report instead)