Responsible disclosure

Report a Security Issue

How to responsibly report potential vulnerabilities in ScreenNabster accounts, dashboard, API, and rendering behavior.

Last updated: April 30, 2026

Responsible disclosure

ScreenNabster welcomes responsible disclosure reports. Please do not publicly disclose a suspected vulnerability until we have had a reasonable time to investigate.

Send reports to support@screennabster.com with enough detail to reproduce the issue.

In scope

Reports commonly cover authentication, authorization, dashboard flows, REST APIs, secrets handling, SSRF safeguards, webhook handling, quota bypass, insecure output handling, and related issues demonstrating impact.

Testing rules

  • Use accounts and targets you control or hold written authorization to assess.
  • Keep tests narrowly scoped and non-destructive; avoid mass scanning or noisy denial-of-service testing.
  • Stop immediately if you access data belonging to others; report it securely rather than extracting or leaking it.
  • Honor third-party service policies when your testing interacts with upstream sites.

Out of scope

Typically out of scope: generic missing security headers lacking exploitability; social engineering; physical attacks; spam-only reports; issues in vendor platforms without plausible ScreenNabster impact.

What to include

Prefer endpoint or route names, timelines, reproducible payloads, screenshots, sanitized HTTP transcripts, suspected blast radius, and safe proof-of-concept steps.

Bounty and response

There is currently no contractual bug bounty program. Rewards, if offered, remain discretionary.

We endeavor to acknowledge valid reports promptly and mitigate confirmed issues pragmatically.