Legal

Security & Responsible Disclosure

We build security software, so we take ours seriously. If you find a vulnerability in Nexus or this site, we want to hear from you — and we’ll work with you to fix it.

Last updated: June 21, 2026

How to report

Email ck271138@gmail.com with the details. Please include enough to reproduce the issue:

  • A description of the vulnerability and its impact.
  • Step-by-step reproduction (and a proof-of-concept if you have one).
  • The affected component and version (e.g. nexus-fleet 2.2.1).

Scope

  • In scope — the Nexus Desktop app, the nexus-fleet package (agent · manager · dashboard · CLI · SecOps), and this website.
  • Out of scope — third-party services (GitHub, PyPI, npm), social engineering, volumetric DoS, and issues that require a compromised host you already control.

Our commitment

  • We acknowledge reports promptly and keep you updated on the fix.
  • We credit reporters who wish to be named once the issue is resolved.
  • We will not pursue legal action against good-faith research that follows this policy.

Safe harbor. Testing must stay within your own systems and the scope above — do not access other users’ data, degrade services, or run tests against infrastructure you don’t own.

Contact

Security contact: ck271138@gmail.com.