# Reporting a Vulnerability

If you discover a security concern or vulnerability in WaboSign, please report it privately by email to **wabosign@wabo.cc** rather than opening a public GitHub issue. We will acknowledge receipt, work with you to validate the report, and ship a fix.

## Out of scope

- CSRF
- DNSSEC, CAA, CSP headers
- DNS or email security related
- Rate limiting

We reserve the right to classify any reported issue as out of scope.