We value the contributions of the security research community, and we look forward to working with you to minimize risk to Magento merchants.

We do not currently have a paid bug bounty program for Mage-OS. Please report any issues to our security team at: [email protected]

Adobe runs a paid bug bounty program for Magento Open Source and Adobe Commerce. Please report any issues common to Mage-OS and Magento there. Any issues that are reported and fixed through that program will be released as a security patch for Magento, and then incorporated into Mage-OS as soon as possible after.

We strongly encourage you to report all security issues privately via our bug bounty program. Please provide us with relevant technical details and repro steps to expedite our investigation. If you prefer not to use HackerOne, email us directly at [email protected] with details and repro steps.

To learn more about securing a Magento or Mage-OS store, please visit the Security Center.