How to report a bug or vulnerability
Last updated:
Found a bug or vulnerability? Here's how you can securely report it directly to us.
Use email for non-sensitive issues or general enquiries
Just send an email to support@mullvadvpn.net
Use encrypted email for more sensitive issues
If you've found a sensitive vulnerability and want to contact us in a secure and private manner, then send us a PGP-encrypted email to support@mullvadvpn.net using our public key.
Don't know how to do that? Follow our guide on using encrypted email.
Bounty for bugs?
While we (currently) have no bug bounty program, we greatly appreciate the goodwill of customers who take the time to share their finds with us. Whether it's a tiny bug that you've found and helped us squash or a slightly larger, hairier, uglier vulnerability that needs special attention, all reports help us to continuously improve our service for everyone
Send via the app
If you encounter an issue while using the Mullvad VPN app, you can easily notify us directly from within the app (currently not available on iOS). In the Settings menu, click on Report a problem and send your find to us. You don't need to fill in an email address, but if you want a reply from us, you will need to include one. As the form states, your app's log files are anonymized before being securely sent to us.
Legal statement
Mullvad VPN will not pursue legal actions against security researchers that reports bugs or vulnerabilities to us.