Responsible Disclosure Bug Bounty May 2026

| Severity | Example Vulnerability Types | Bounty Range (USD) | |--------------|----------------------------------------------------|--------------------| | | RCE, SQLi with data extraction, privilege escalation | $1,000 – $5,000 | | High | SSRF to internal network, auth bypass, significant data leak | $500 – $1,000 | | Medium | CSRF on sensitive actions, stored XSS, IDOR on private data | $200 – $500 | | Low | Reflected XSS, limited info disclosure, rate-limiting issues | $50 – $200 |

This policy does not grant permission to hack or disrupt [Company Name] outside the described scope. responsible disclosure bug bounty