CapCut Bug Bounty Fix Jun 2026

Check your app stores for the latest update to stay secure!

The financial incentives are substantial and have been consistently upgraded over time:

Securing the creative space: How we fixed a critical flaw in CapCut 🛡️🎬

When you go to the ByteDance page on HackerOne, CapCut isn't listed next to TikTok and Douyin. The Fix: CapCut is often listed under "ByteDance Default" or "Mobile Apps." You must tag your report explicitly with capcut or CapCut in the title. Recent scopes (2024-2025) include:

Bounties are based on the severity of the vulnerability found:

Critical: $10,500 – $15,000
High: $5,000 – $10,000
Medium: $1,000 – $4,500
Low: $500

For desktop and mobile applications:

Configure your Google Play Store or Apple App Store to automatically update CapCut.

When validating a vulnerability before reporting:

Reports must be submitted privately to give developers time to investigate and mitigate the issue before public disclosure.

Use JADX (for Android) or Ghidra to look at how deep links and custom URI schemes are processed inside the code. Search for exported activities that shouldn't be public.