If you discover a security vulnerability in M3Undle, please report it privately.

• Open a private vulnerability report via GitHub (preferred), or
• Email:

Please include:

• Description of the issue
• Steps to reproduce
• Affected endpoints (e.g. M3U, XMLTV, HDHR)
• Any relevant logs or requests

• I will acknowledge receipt within 48 hours
• I will work to validate and address the issue as quickly as possible
• You may be asked for additional details during investigation

Please do not publicly disclose the issue until:

• A fix has been released, or
• We agree on a disclosure timeline

This project includes:

• IPTV proxy endpoints (M3U, XMLTV, HDHR)
• Web UI and API endpoints
• Authentication and access control

This is an early-stage project. Security improvements are ongoing, and responsible disclosure is appreciated.