Cloudflare Public Bug Bounty Bug Bounty Program

Program Overview

Cloudflare Public Bug Bounty runs a bug bounty program on HackerOne. The program has 53 in-scope assets and is managed by HackerOne's triage team.

In-Scope Assets

Asset	Type	Max Severity	Eligible
*.cloudflare.com	URL	Critical	Bounty
*.cloudflarepartners.com	OTHER	Critical	Bounty
*.teams.cloudflare.com	URL	Critical	Bounty
1.1.1.1 Resolver	OTHER	Critical	Bounty
AI Gateway	OTHER	Critical	Bounty
AMP Real URL	OTHER	Critical	Bounty
API Shield	OTHER	Critical	Bounty
Area 1	OTHER	Critical	Bounty
Bot Management	OTHER	Critical	Bounty
Browser Isolation	OTHER	Critical	Bounty
CDNJS	OTHER	Critical	Bounty
China Network	OTHER	Critical	Bounty
Cloudflare Access	OTHER	Critical	Bounty
Cloudflare Analytics	OTHER	Critical	Bounty
Cloudflare CASB	OTHER	Critical	Bounty
Cloudflare Cache	OTHER	Critical	Bounty
Cloudflare D1	OTHER	Critical	Bounty
Cloudflare DNS	OTHER	Critical	Bounty
Cloudflare Durable Objects	OTHER	Critical	Bounty
Cloudflare Pages	OTHER	Critical	Bounty
Cloudflare R2	OTHER	Critical	Bounty
Cloudflare Tunnel	OTHER	Critical	Bounty
Cloudflare Workers CI	OTHER	Critical	Bounty
Cloudflare Zaraz	OTHER	Critical	Bounty
Cloudflare Zero Trust/Cloudflare One	OTHER	Critical	Bounty
Data Loss Prevention (DLP)	OTHER	Critical	Bounty
Gateway	OTHER	Critical	Bounty
Hyperdrive	OTHER	Critical	Bounty
Images	OTHER	None	Bounty
Load Balancing	OTHER	Critical	Bounty
Magic Firewall	OTHER	Critical	Bounty
Magic Transit	OTHER	Critical	Bounty
Magic WAN	OTHER	Critical	Bounty
Open source tools from Cloudflare	OTHER	Critical	Bounty
SSL/TLS	OTHER	Critical	Bounty
Spectrum	OTHER	Critical	Bounty
Stream	OTHER	Critical	Bounty
Turnstile	OTHER	Critical	Bounty
Vectorize	OTHER	Critical	Bounty
WARP Mobile Apps	OTHER	Critical	Bounty
WARP desktop client	OTHER	Critical	Bounty
Waiting Room	OTHER	Critical	Bounty
Workers	OTHER	Critical	Bounty
Workers AI	AI_MODEL	Critical	Bounty
Workers KV	OTHER	Critical	Bounty
api.cloudflare.com	URL	Critical	Bounty
cloudflareworkers.com	URL	Critical	Bounty
dash.cloudflare.com	URL	Critical	Bounty
http://github.com/cloudflare	URL	Critical	Bounty
https://github.com/cloudflare/vinext	SOURCE_CODE	Critical	Bounty

Showing 50 of 53 in-scope assets. View all on HackerOne.

Out-of-Scope Assets

• 172.65.0.0/16
• community.cloudflare.com
• events.www.cloudflare.com
• https://github.com/cloudflare/vinext-private
• support.cloudflare.com
• support.cloudflarewarp.com

Tips for Hacking Cloudflare Public Bug Bounty

1. Read the policy — Understand what's in scope, out of scope, and any specific testing restrictions before you start.
2. Enumerate the attack surface — Use subdomain enumeration and directory bruteforcing to map all accessible endpoints.
3. Focus on high-impact bugs — Look for SQL injection, SSRF, and IDOR vulnerabilities first.
4. Test authentication flows — Check for OAuth misconfigurations and CSRF in login/signup flows.
5. Write clear reports — Include steps to reproduce, impact assessment, and suggested remediation. Use Burp Suite to capture evidence.

Frequently Asked Questions

How do I start hacking Cloudflare Public Bug Bounty?

Sign up on HackerOne, read the program policy carefully, review the in-scope assets listed above, and start testing. Always stay within scope and follow responsible disclosure guidelines.

Does Cloudflare Public Bug Bounty pay bounties?

Yes, Cloudflare Public Bug Bounty offers monetary rewards for valid security vulnerabilities.

What types of vulnerabilities does Cloudflare Public Bug Bounty accept?

Cloudflare Public Bug Bounty accepts reports for vulnerabilities found in their 53 in-scope assets. Common accepted vulnerability types include XSS, SQL injection, SSRF, IDOR, authentication bypass, and RCE. Check the program policy for specific exclusions.