If you find a security vulnerability in Hugin, do not open a public issue.
Instead, report it responsibly:
- Email: security@hugin.nu
- Subject:
[SECURITY] Brief description - Include: version, platform, steps to reproduce, impact assessment
We will acknowledge within 48 hours and aim to patch critical issues within 7 days.
- Hugin desktop application (all platforms)
- hugin.nu website and API
- License/payment infrastructure
- Vulnerabilities in targets you are testing with Hugin
- Social engineering attacks
- Denial of service against hugin.nu
We credit researchers who report valid vulnerabilities (unless you prefer to remain anonymous).