If you believe you have found a security vulnerability, report it to security@vercel.com with enough detail to reproduce the issue and assess its impact. Please do not open a public issue or pull request for suspected security problems.

We will acknowledge receipt as soon as practical, investigate the report, and coordinate remediation with you when needed. Please keep details confidential until we have had a reasonable opportunity to validate and address the issue.

We ask reporters to allow up to 90 days from our acknowledgement before any public disclosure. If additional coordination time is needed, we will work with you in good faith on an updated disclosure timeline.