Capcut Bug Bounty ❲Web ESSENTIAL❳

As CapCut's user base explodes (surpassing Premiere Rush in mobile downloads), its security posture remains a black box to the research community.

With millions of creators storing drafts & data on ByteDance servers, the attack surface is MASSIVE. capcut bug bounty

#Cybersecurity #BugBounty #CapCut #ResponsibleDisclosure #AppSec As CapCut's user base explodes (surpassing Premiere Rush

I've found: 🔹 Auth bypass in the web editor 🔹 Insecure direct object references (IDOR) in project files 🔹 Rate-limiting gaps on the mobile API capcut bug bounty

I’ve been fuzzing the CapCut web editor (capcut.com) and found what looks like a potential IDOR on project draft IDs. Before I go further, I want to make sure I'm following responsible disclosure.