The problems with Big Tech AI data collection: privacy concerns and how to protect your data
AI privacy concerns are growing as Big Tech keeps collecting data. Learn the risks and how privacy-first AI solutions help protect your data.
Read MoreIntroducing the Nextcloud bug bounty program
Today we are happy to announce the Nextcloud bug bounty program. We offer some of the highest bounties in the open source software industry, rewarding responsible disclosure with up to $5,000 for qualifying vulnerabilities!
We have partnered with the HackerOne platform because of its extraordinary popularity among IT security professionals. More than 3,000 hackers have reported over 24,000 bugs via the platform. Running a program on HackerOne allows us to quickly leverage the collective knowledge of a huge amount of these security experts.
“We are thrilled to welcome Nextcloud to the HackerOne community and have the opportunity to again work with Lukas Reschke”, said Marten Mickos, CEO of HackerOne. “Reschke’s experience with open source and running competitive bug bounty programs at scale is sure to benefit Nextcloud security and its customers.”
While we do perform internal research and add pro-active security hardenings all the time (a prominent example being the introduction of same-site cookies) we are always looking for external input as well. Few limitations and exclusions as well as some of the highest rewards in the open source world for responsible disclosure will serve to attract the kind of professional expertise needed to turn this into a success.
We’re confident in our code base and our work and with this project we will bring the Nextcloud security to an even higher level.
| Impact | Definition | Maximum possible reward |
| Critical | Gaining remote code execution on the server as unauthenticated user. (i.e. RCE) | $5,000 |
| High | Gaining access to complete user data of any other user. (i.e. Auth Bypass) | $2,000 |
| Medium | Limited disclosure of user data or attacks granting access to a single users’ user session. (i.e. XSS) | $750 |
| Low | Very limited disclosure of user data or attacks involving a very high unlikely amount of user interaction. | $250 |
Note that our websites (nextcloud.com and nextcloud.org) are NOT part of the program, only the software you can find on our install page.
Get started now at hackerone.com/nextcloud and help make Nextcloud even more awesome!
Other posts
Digital sovereignty in Munich: Join us at the Nextcloud Summit 2026
Following the overwhelming success of last year’s Nextcloud Summit, Nextcloud is proud to launch its second edition of the Nextcloud Summit, taking place on 9 June in Munich, Germany. During this unique event, we want to address the wider market around digitally sovereign collaboration technology, providing a space for organizations, governments, and experts to connect, […]
Read More
Nextcloud Hub 26 Winter: Reclaim your digital autonomy
Time to own your data is now. Introducing the new Nextcloud Hub, a powerful open source collaboration platform that puts you in control. Discover improvements in performance, design, and security, and lots of new and improved tools for your daily work and life.
Read More
Nextcloud CEO and founder Frank Karlitschek wins European Open Source Award for Business & Impact
Nextcloud CEO Frank Karlitschek wins the European Open Source Award for Business & Impact, highlighting the strength of open source and its community.
Read More
5 ways Nextcloud beats Microsoft Office: Your modern, sovereign alternative to Microsoft Office
Looking for a sovereign Microsoft Office alternative? Learn how Nextcloud puts you back in control of your data and online collaboration.
Read More
Nextcloud Hub 25 Autumn: Your digital workspace, ready in no time
Nextcloud Hub 25 Autumn makes it easier to get started with powerful collaboration while fully in control of your data. From global design updates to improved usability and performance, discover our latest release in this blog.
Read More
Digital Sovereignty Index: How countries compare in digital independence
Nextcloud has published its first Digital Sovereignty Index (DSI) to showcase the status of digital sovereign infrastructure.
Read More
A sovereign Microsoft 365 alternative: Nextcloud and IONOS join forces
Discover the Microsoft 365 alternative by Nextcloud and IONOS: the Nextcloud Workspace office suite, launching in the course of 2025.
Read More
Nextcloud as first cloud software to get the Blauer Engel ecolabel for green IT
Nextcloud becomes the first cloud software platform to earn the Blauer Engel ecolabel, proving that digitally sovereign and green IT is possible.
Read More
Nextcloud powering the digital workspace of tomorrow: 2024 in review
In the Nextcloud 2024 wrap-up, we want to take a moment to celebrate this year's achievements. Join us as we continue to reimagine what’s possible - shaping a world where open source, privacy and connection come together and drive progress for the greater good.
Read More
The open source answer to Microsoft Teams
Organisations, small and large, need a way to ensure the resiliency and digital sovereignty of their operations – an open-source, privacy-respecting alternative to Teams. And today, we present that solution - Nextcloud Talk.
Read More
Nextcloud recognized with World Summit Award Germany
Nextcloud has been recognized with the World Summit Award Germany that selects and promotes local digital innovation improving society, aiming to contribute to the United Nations' agenda of sustainable development goals.
Read More
Nextcloud wins Platinum at the IT Awards 2024!
Nextcloud has been awarded Platinum at the IT Awards 2024. Today, we celebrate this win together!
Read More
Nextcloud for DIE ZEIT: Microsoft’s anti-competitive behavior, PR stunts and salami slicing
DIE ZEIT, a prominent German outlet, interviewed Nextcloud’s founder Frank Karlitschek for an article on Microsoft’s anti-competitive behaviour on the European office software market. Read for a recap of the article and the key takeaways.
Read More
How T-Systems migrated millions of MagentaCLOUD users to Nextcloud
MagentaCLOUD’s migration to Nextcloud in 2021 resulted in a fully equipped Online Storage with an integrated online office suite that further improves the user experience, flexibility and security for customers.
Read More
Nextcloud releases Assistant 2.0 and pushes AI-as-a-Service
We bring you a major update to the Nextcloud AI Assistant, plus the news we work with several big hosting providers like IONOS and OVHcloud to bring AI-as-a-Service options to you!
Read More
Bechtle and Nextcloud offer digitally sovereign collaboration services for the public sector
Bechtle and Nextcloud announce today a complete managed collaboration platform for the public sector that requires no tender and can be deployed immediately.
Read More
Migrating from ownCloud to Nextcloud
Discover how to make the switch from ownCloud to Nextcloud. Our quick guide provides insights into the migration process, helping you make the transition smoothly.
Read More
Kiteworks acquires ownCloud & Dracoon
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
Read More
Nextcloud founder earns European Free Software Award
Nextcloud founder and CEO Frank Karlitschek earns the honorary SFS Award at the 20th annual SFSCON taking place in South Tyrol, Italy.
Read More
German state & Nextcloud build digitally sovereign AI for public sector
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Read More
AI in Nextcloud: What, why and how
Since its mass adoption, AI has become, and still is, a popular and sometimes contraversial topic. Some of it is hype, some is substance. Some is good, some, of course, is bad. We want to give you the good, not the bad, and ignore the hype. In Nextcloud Hub we’ve focused on providing you the […]
Read More
Euro-Office: License compliance and what open source means
Euro-Office is built on ONLYOFFICE, distributed under the AGPLv3. In this post we explain that certain additional terms in the source files conflicted with the AGPLv3, and what we did about it. Our reading is supported by the license authors themselves.
Read More
Nextcloud Ethical AI rating: A transparent approach to privacy-first AI
Understand how Nextcloud Ethical AI Rating helps organizations evaluate AI privacy, transparency, and data control in modern AI solutions.
Read More
Nextcloud File Drop: convenient and secure file uploading and sharing for Enterprises
Looking for a reliable and secure file upload and share solution? Nextcloud File Drop lets you safely upload & transfer files with confidence!
Read More