CapCut Bug Bounty Program ⚡
However, that does not mean you cannot report security vulnerabilities in CapCut and get paid. This article explains exactly how to do it.
Researchers often focus on CapCut’s mobile apps (iOS and Android) and its web-based editor, looking for flaws that could compromise user data or creative content.
Disclaimer: Bug bounty programs change frequently. Always read the latest rules on the official ByteDance Security Response Center before submitting. This article is for informational purposes only and does not constitute legal or hacking advice.
| Asset Category | Specific Targets | Focus Areas |
| :--- | :--- | :--- |
| | CapCut (iOS App Store), CapCut (Google Play Store) | Local storage encryption, Deep-link injection, Clipboard handling, Export watermark bypass. |
| Web Platform | www.capcut.com, capcut.com/editor | XSS, CSRF, IDOR (Insecure Direct Object References), Authentication bypass. |
| API Endpoints | *.capcut.com/api/*, capcut.com/luna/* | Rate limiting, Authorization flaws, Logic errors. |
| Desktop Applications | CapCut for Windows, CapCut for macOS | Local privilege escalation, Unsafe library loading, Update mechanism integrity. |
| User Privacy | User profile data, Draft projects | Accessing another user’s private drafts or templates without permission. |
Q: What types of vulnerabilities are eligible for the CapCut bug bounty program?

A: Researchers can submit reports on various types of vulnerabilities, such as authentication and authorization issues, data storage and encryption weaknesses, and injection attacks.