Today we are happy to announce the Nextcloud bug bounty program. We offer some of the highest bounties in the open source software industry, rewarding responsible disclosure with up to $5,000 for qualifying vulnerabilities!
We have partnered with the HackerOne platform because of its extraordinary popularity among IT security professionals. More than 3,000 hackers have reported over 24,000 bugs via the platform. Running a program on HackerOne allows us to quickly leverage the collective knowledge of a huge amount of these security experts.
«We are thrilled to welcome Nextcloud to the HackerOne community and have the opportunity to again work with Lukas Reschke», said Marten Mickos, CEO of HackerOne. «Reschke’s experience with open source and running competitive bug bounty programs at scale is sure to benefit Nextcloud security and its customers.»
While we do perform internal research and add pro-active security hardenings all the time (a prominent example being the introduction of same-site cookies) we are always looking for external input as well. Few limitations and exclusions as well as some of the highest rewards in the open source world for responsible disclosure will serve to attract the kind of professional expertise needed to turn this into a success.
We’re confident in our code base and our work and with this project we will bring the Nextcloud security to an even higher level.
| Impact | Definition | Maximum possible reward |
| Critical | Gaining remote code execution on the server as unauthenticated user. (i.e. RCE) | $5,000 |
| High | Gaining access to complete user data of any other user. (i.e. Auth Bypass) | $2,000 |
| Medium | Limited disclosure of user data or attacks granting access to a single users’ user session. (i.e. XSS) | $750 |
| Low | Very limited disclosure of user data or attacks involving a very high unlikely amount of user interaction. | $250 |
Note that our websites (nextcloud.com and nextcloud.org) are NOT part of the program, only the software you can find on our install page.
Get started now at hackerone.com/nextcloud and help make Nextcloud even more awesome!
Nextcloud Hub 25 Otoño facilita la puesta en marcha de una potente colaboración mientras controlas totalmente tus datos. Desde actualizaciones globales de diseño hasta mejoras de usabilidad y rendimiento, descubre nuestra última versión en este blog.
Ver más
Passionate about data privacy and Nextcloud? We invite you speak at the Nextcloud Community Conference to share your experience, knowledge and news with the community!
Ver más
Nextcloud becomes the first cloud software platform to earn the Blauer Engel ecolabel, proving that digitally sovereign and green IT is possible.
Ver más
For the ninth time, Nextcloud has been nominated for the CloudComputing-Insider Readers’ Choice Award in the category of Cloud Content Management. We’d love to reach the top again! And we’re looking for the support of you and everyone else in our amazing community to get there. Nextcloud as the best Cloud Content Management tool? Only […]
Ver más
In the Nextcloud 2024 wrap-up, we want to take a moment to celebrate this year's achievements. Join us as we continue to reimagine what’s possible - shaping a world where open source, privacy and connection come together and drive progress for the greater good.
Ver más
Organisations, small and large, need a way to ensure the resiliency and digital sovereignty of their operations – an open-source, privacy-respecting alternative to Teams. And today, we present that solution - Nextcloud Talk.
Ver más
Nextcloud has been recognized with the World Summit Award Germany that selects and promotes local digital innovation improving society, aiming to contribute to the United Nations' agenda of sustainable development goals.
Ver más
Nextcloud has been awarded Platinum at the IT Awards 2024. Today, we celebrate this win together!
Ver más
The first ethical, open-source AI assistant that can get a multitude of tasks done for you without compromising your data.
Ver más
DIE ZEIT, a prominent German outlet, interviewed Nextcloud’s founder Frank Karlitschek for an article on Microsoft’s anti-competitive behaviour on the European office software market. Read for a recap of the article and the key takeaways.
Ver más
MagentaCLOUD’s migration to Nextcloud in 2021 resulted in a fully equipped Online Storage with an integrated online office suite that further improves the user experience, flexibility and security for customers.
Ver más
We bring you a major update to the Nextcloud AI Assistant, plus the news we work with several big hosting providers like IONOS and OVHcloud to bring AI-as-a-Service options to you!
Ver más
Bechtle and Nextcloud announce today a complete managed collaboration platform for the public sector that requires no tender and can be deployed immediately.
Ver más
Discover how to make the switch from ownCloud to Nextcloud. Our quick guide provides insights into the migration process, helping you make the transition smoothly.
Ver más
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
Ver más
Nextcloud founder and CEO Frank Karlitschek earns the honorary SFS Award at the 20th annual SFSCON taking place in South Tyrol, Italy.
Ver más
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Ver más
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]
Ver más
Nuestra misión es ayudar a particulares, empresas y organizaciones a alcanzar la soberanía digital y recuperar el control sobre sus datos. Nextcloud Hub 5 supone un enorme paso adelante en la consecución de esta misión, poniendo el poder de la IA en tus manos, de forma que mantengas el control. Nueva versión, nuevas posibilidades Hub […]
Ver más
Plan your day while staying in control of your data. Use the power and convenience of modern online scheduling tools, hosted on your terms, with Nextcloud Calendar
Ver más
We have decided to withdraw the complaint against Microsoft with the European Commission’s Directorate-General for Competition, given the lack of interest from the European Commission, lengthy process and costs on our side.
Ver más
Nextcloud joins dozens of European technology companies and the European Digital SME Alliance in urging the EU member states to reject CSA Regulation also known as the “Chat Control“ law.
Ver más
