
Rumble Bug Bounty Program — Summary

Purpose

Rumble runs a bug bounty program to encourage security researchers to report vulnerabilities and help improve platform security.

How to Report

  • Email reports to bugbounty@rumble.com.
  • Include all required information (see Required Report Contents below).
  • One email address per participant.
  • Maximum 4 reports per month per email address.
  • Submitted reports become Rumble's property and must not be publicly disclosed.

Scope

In-scope domains:

  • .rumble.com
  • .rumble.cloud
  • .locals.com

Out of Scope

No rewards for:

  • Social engineering (phishing, vishing, etc.)
  • DoS/DDoS attacks
  • Automated scanning or brute-force testing without a clear proof-of-concept exploit

Rewards

  • Based on severity, impact, and report quality.
  • Typical maximum payout: $1,000 USD.
  • Exceptionally critical vulnerabilities may receive more.
  • Duplicate, incomplete, or low-quality reports may not receive rewards.

Required Report Contents

  1. Vulnerability description
  2. Severity rating (critical/high/medium/low)
  3. Impact assessment
  4. Detailed reproduction steps (URLs, commands, screenshots, videos, etc.)
  5. Recommended fix

Payments

  • Rewards are paid to a Rumble account.
  • Funds can then be transferred to PayPal.

Review Timelines

  • Initial response: within 5 business days
  • Triage: within 10 business days after the initial response
  • Business hours: Monday–Friday, 9 a.m.–5 p.m. Eastern Time (excluding holidays)
  • Timelines are approximate and may change

Responsible Research Requirements

Researchers should:

  • Respect user privacy
  • Avoid accessing, modifying, or deleting customer data
  • Avoid disrupting services
  • Use test accounts when possible
  • Allow Rumble reasonable time to fix issues before disclosure

Triage Process

Rumble will:

  1. Verify and reproduce the vulnerability
  2. Check for duplicates
  3. Assess severity and impact
  4. Prioritize fixes and determine rewards
  5. Communicate updates through official channels

Important Disclaimer

  • Participation is voluntary.
  • Rumble does not guarantee payouts or action on any report.
  • The program may be changed or canceled at any time without notice.