If you discover a security vulnerability in OpenGUI, please report it responsibly.
Do not open a public issue for security vulnerabilities.
Instead, please send an email to the maintainers or use GitHub's private vulnerability reporting feature:
- Go to the repository's Security tab
- Click Report a vulnerability
- Provide a detailed description of the issue
OpenGUI involves AI-driven device automation via accessibility services. Security concerns include but are not limited to:
- Unauthorized access to device control
- API key or credential exposure
- Injection attacks via task descriptions or AI prompts
- WebSocket authentication bypass
- File upload/download vulnerabilities
We aim to acknowledge security reports within 48 hours and provide a fix or mitigation plan within 7 days for critical issues.