If you discover a security vulnerability in the OpenSIPS MCP Server, please report it responsibly. Do not open a public GitHub issue for security vulnerabilities.
Send an email to security@opensips.org with the following information:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fixes (if applicable)
You can expect the following response timeline:
- Acknowledgment: Within 48 hours of your report
- Initial assessment: Within 5 business days
- Resolution timeline: Depends on severity, but we aim to release patches for critical issues within 14 days
The following areas are in scope for security reports:
- Authentication bypass -- Circumventing API key authentication or RBAC enforcement
- Authorization flaws -- Privilege escalation between readonly and admin roles
- Input validation -- Injection attacks via MI commands, database queries, or configuration templates
- Information disclosure -- Unintended exposure of credentials, internal state, or system details
- Denial of service -- Resource exhaustion or crashes caused by crafted inputs
The OpenSIPS MCP Server implements multiple layers of security:
- RBAC (Role-Based Access Control): Two roles (readonly, admin) with granular permission scopes assigned to every tool and resource. Every tool is decorated with `@require_permission()` to enforce access control.
- API Key Authentication: Optional API key validation for network transports (SSE, streamable-http). Requests without a valid key are rejected before reaching any tool handler.
- Input Validation: All user-supplied parameters are validated and sanitized before use. This includes SIP URI validation, IP address checks, SQL identifier whitelisting, MI parameter sanitization, and port range validation.
- Audit Logging: Sensitive operations are logged with structured JSON output including timestamps, user identity, operation type, and masked credentials.
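As an added illustration of the RBAC and audit-logging layers above (example code, not the project's own): a permission decorator in the spirit of `@require_permission()` that denies a call before the tool body runs and writes a structured JSON audit record with credential values masked. The readonly/admin roles are from this page; the scope names, the `Context` type, `invoke` and the `add_subscriber` tool are assumptions for the demo.

```python
import json
from collections import namedtuple
from datetime import datetime, timezone
from functools import wraps

# Roles readonly/admin come from the page; the scope names are assumed.
ROLE_SCOPES = {
    "readonly": {"mi:read", "db:read"},
    "admin": {"mi:read", "db:read", "mi:write", "db:write"},
}
SENSITIVE_KEYS = ("password", "api_key", "secret", "token")
AUDIT_LOG = []  # in-memory stand-in for the structured JSON log sink
Context = namedtuple("Context", "user role")  # authenticated caller identity
class PermissionDenied(Exception):
    pass

def mask(params):
    """Copy params, replacing the values of credential-like keys."""
    return {k: "***" if any(s in k.lower() for s in SENSITIVE_KEYS) else v
            for k, v in params.items()}

def audit(ctx, tool, outcome, params):
    """Emit one structured audit record; credential values are masked."""
    record = {"ts": datetime.now(timezone.utc).isoformat(), "user": ctx.user,
              "role": ctx.role, "tool": tool, "outcome": outcome,
              "params": mask(params)}
    AUDIT_LOG.append(json.dumps(record, sort_keys=True))
    return record

def require_permission(scope):
    """Deny the call before the tool body runs unless the role holds `scope`."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(ctx, **params):  # keyword-only, so each value is named in the log
            allowed = scope in ROLE_SCOPES.get(ctx.role, set())
            audit(ctx, fn.__name__, "allowed" if allowed else "denied", params)
            if not allowed:
                raise PermissionDenied(f"role {ctx.role!r} lacks {scope}")
            return fn(ctx, **params)
        return wrapper
    return decorator

def invoke(tool, ctx, **params):
    # Run a decorated tool, returning ('ok', result) or ('denied', reason).
    try:
        return "ok", tool(ctx, **params)
    except PermissionDenied as exc:
        return "denied", str(exc)
@require_permission("mi:write")  # admin-only: mutates subscriber data
def add_subscriber(ctx, username, password):
    return f"created {username}"
```

Note that the denied call is recorded too, and the password never appears in the log line in either case.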
Security fixes are provided for the latest release only.
We appreciate the security research community's efforts in helping keep the OpenSIPS MCP Server secure. Reporters will be credited in release notes (unless they prefer to remain anonymous).