KDNA files are static JSON. The primary security surface is the validator tooling.

If you discover a security vulnerability in a KDNA tool, please report it by opening a GitHub issue. Do not include exploit details in public issues for unreported vulnerabilities.

We will acknowledge your report within 5 business days and provide an estimated timeline for a fix.

• Security of the KDNA CLI tool and loader library
• Schema validation bypasses that could inject harmful content

• The contents of KDNA domain files authored by users
• Upstream dependencies