Keycloak's Bug Bounty Program on YesWeHack

January 16 2026 by Alexander Schwartz

As a Cloud Native Computing Foundation (CNCF) project, Keycloak is the open-source IAM backbone for countless applications. This is your chance to secure a core piece of the cloud-native ecosystem in this public bug bounty program!.

We are proud to be part of this EU sponsored initiative. Projects like ours fuel a lot of public and private infrastructure in the EU and worldwide. Thank you for choosing our project for this initiative to help us to improve and provide secure services to our users!

Why you’ll want to hunt on this program:

High-Impact Target: Make a real difference on a widely-used solution
Full White-Box: Get the deep access you need to find complex bugs
Top Bounties: Earn up to € 5,000 for your findings

We already has some very good submissions, and Keycloak improved due to this. Keep them coming!

Ready to make your mark? Explore the full program details!