• Points – $4,000 per vulnerability
  • Up to $7,000 maximum reward
  • Safe harbor

Program Scope Notice

Greetings Researchers,

Cloudinary has asked everyone to please be very aware of what domains you're testing when performing testing activities.

The brief has been updated with this language:

Testing is only authorized on the targets listed as In-Scope. Any domain/property of Cloudinary not listed in the targets section is out of scope. This includes any/all subdomains not listed above. If you believe you've identified a vulnerability on a system outside the scope, please reach out to before submitting.

Thanks for your understanding. Happy Hacking!