If you believe you have found a real, exploitable security vulnerability in Tactical RMM, report it to security@amidaware.com.
Do not send low-effort, speculative, automated, or AI-generated reports. Paying $20 a month for ChatGPT does not make you a security researcher, and “an attacker with access to the RMM can use the RMM to do bad things” is not a vulnerability.
Reports that describe intended functionality, require existing admin/RMM access, or fail to show real security impact will be ignored. Repeated garbage reports may result in your emails being blocked and your access to our services being restricted.
Do not publicly disclose vulnerabilities or alleged vulnerabilities without first coordinating with us and receiving our approval to disclose.