Security Research

While MyBB is designed with security in mind, the possibility of security issues being introduced is ever a problem. Learn how to responsibly disclose any vulnerabilities you may find. Researchers may be eligible for a place in our Security Hall of Fame.

Introduction

An insight in to the program

At MyBB, we take security as the highest priority. Both ourselves and our users need to trust that the software they're using is secure and will remain secure throughout the years. We've encountered vulnerabilities which have been disclosed to us by members of the community and encountered some which have been spread around the web. The latter is something which we want to avoid to protect our users and make understanding the issue easier.

For those who responsibly disclose vulnerabilities within MyBB 2.x, we have a Security Hall of Fame for bragging rights. Security contributors to the 1.8.x branch will be listed in the release notes of corresponding releases.

Reporting

How to report a vulnerability

If you have discovered a potential vulnerability or security risk, we encourage you to responsibly disclose it to us via the Private Inquiries forum. Even if you do not meet the requirements to be eligible for a place in our hall of fame, please do not hesitate to report it anyway. The more details you provide and the better you can explain the issue, the faster we can release a patch and keep our users safe. Please wait up to 24 hours for a response. We're all volunteers and it may take a while to understand the issue and to look in to it.