If you believe that you have have discovered a vulnerability in Hestia Control Panel, please let our development team know by submitting a report Huntr.dev Bounties and CVEs are automatically managed and allocated via the platform.

If you are unable to Huntr.dev please send an email to support@hestiacp.com We ask that you please include a detailed description of the vulnerability, a list of services involved (e.g. exim, dovecot) and the versions which you've tested, full steps to reproduce the vulnerability, and include your findings and expected results.