Bug Bounty Program

Our Bug Bounty Program

Cubbit, in collaboration with Unguess Security, operates a Private Bug Bounty Program dedicated to continuously improving the security of our geo-distributed cloud storage services.

We believe in working closely with the security research community. That’s why we rely on the Unguess platform to manage the entire vulnerability reporting and evaluation process in a structured and professional way.

Please note: This program is reserved for selected researchers on the Unguess platform and is not open to the public.

How it works

All vulnerability reports must be submitted exclusively through the Unguess platform, in accordance with the program rules.

🚀 Found something interesting?
Ready to report it?

👉 Submit your report via Unguess here →
Join the Cubbit Private Bug Bounty on Unguess

Please note: Cubbit does not review or process vulnerability reports submitted via email, contact forms, or any other direct channel.

Reports submitted outside the Unguess platform:

  • will not be reviewed
  • will not be processed
  • will not be eligible for any reward

What's included (Scope)

The programme covers:

  • Cubbit DS3 Cloud & Composer web interface
  • Exposed REST APIs
  • The following edpoints:
    • api.cubbit.eu
    • dashboard.cubbit.eu
    • console.cubbit.eu
    • composer.cubbit.eu
    • s3.cubbit.eu

We reserve the right to update the list of assets at any time.

What's excluded (Out of Scope)

Not included in the programme:

  • web.cubbit.io
  • cubbit.io and related landing pages
  • Cubbit Cell
  • Social engineering, phishing, or direct attacks against employees
  • Load testing, DoS/DDoS, or any activity that may degrade the service
  • Mass account creation
  • Theoretical vulnerabilities without demonstrable impact

Rewards

Vulnerabilities classified with at least "Medium" severity may receive financial recognition of up to Euro 3,000, based on the category and actual severity.

Technical assessment and reward allocation are managed exclusively through the Unguess platform, according to the programme rules.

Thank you to all researchers who collaborate responsibly to make Cubbit ever more secure! 🚀