Capcut Bug Bounty May 2026

Drop links below. ⬇️

#BugBounty #InfoSec #EthicalHacking #ByteDance

We know the parent company (ByteDance) runs bounty programs for TikTok. But what about CapCut? capcut bug bounty

I’ve been fuzzing the CapCut web editor (capcut.com) and found what looks like a potential IDOR on project draft IDs. Before I go further, I want to make sure I'm following responsible disclosure.

Does CapCut Need a Public Bug Bounty Program? Drop links below

I've found: 🔹 Auth bypass in the web editor 🔹 Insecure direct object references (IDOR) in project files 🔹 Rate-limiting gaps on the mobile API

Before I disclose: Is there a private HackerOne/third-party program, or are we going straight to VDP? 👀 capcut bug bounty

🚨 🚨