Please report security issues privately and avoid posting exploit details publicly.
Include:
- affected component/path
- reproduction steps
- expected vs actual behavior
- impact/risk summary
Even educational projects can have security-relevant account validation and auth behavior.