Illinois State University Athletics

Bug Bounty: CapCut

Before I disclose: Is there a private HackerOne/third-party program, or are we going straight to VDP? 👀

Drop links below. ⬇️

We know the parent company (ByteDance) runs bounty programs for TikTok. But what about CapCut?

I’ve been fuzzing the CapCut web editor (capcut.com) and found what looks like a potential IDOR on project draft IDs. Before I go further, I want to make sure I'm following responsible disclosure.

Does CapCut Need a Public Bug Bounty Program?

#Cybersecurity #BugBounty #CapCut #ResponsibleDisclosure #AppSec

As CapCut's user base explodes (surpassing Premiere Rush in mobile downloads), its security posture remains a black box to the research community.

I've found:
🔹 Auth bypass in the web editor
🔹 Insecure direct object references (IDOR) in project files
🔹 Rate-limiting gaps on the mobile API
