Bug Bounty Program

Help us keep ScalaCube secure

We welcome responsible reports of security vulnerabilities affecting our website, control panel, infrastructure, or customer-facing services.

If you find a vulnerability, please report it through our ticket system so our team can review it safely and follow up with you.

How to report

Submit your report at Support Tickets. Include clear reproduction steps, affected URLs or services, screenshots or proof of concept details when available, and your contact information.

The more complete your report is, the faster we can validate the issue and determine the correct severity.

Compensation

Eligible vulnerability reports may be compensated. Reward amounts depend on severity, impact, exploitability, report quality, and whether the issue was previously known to us.

Critical issues affecting customer data, account security, payments, or production infrastructure are reviewed with the highest priority.

Responsible disclosure rules

Do not access, modify, delete, or disclose data that does not belong to you.
Do not disrupt our services, run denial-of-service tests, or use automated high-volume scanning.
Do not publicly disclose the vulnerability until we have investigated and resolved it.
Test only against accounts, servers, and data you own or have explicit permission to use.
Provide enough detail for our team to validate and reproduce the issue safely.

What happens next

After you submit a ticket, our team will review the report, validate the impact, and contact you if additional information is needed.

If the report qualifies for a bounty, compensation will be determined after triage based on severity. We appreciate responsible security research and will not take action against researchers who follow these rules and act in good faith.