Responsible disclosure program
Data security is a top priority for Cobbler, and Cobbler believes that working with skilled security researchers can identify weaknesses in any technology.

If you believe you've found a security vulnerability in Cobbler's service, please notify us. We will work with you to resolve the issue promptly.


  • Share your discovery with us by emailing us at [email protected]. We will acknowledge your email within 24 hours.
  • Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.
  • Provide a clear, concise description of the steps needed to reproduce any vulnerability you submit.
  • Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Cobbler service. Please only interact with accounts you own or for which you have explicit permission from the account holder.


While researching, please refrain from:

  • Distributed Denial of Service (DDoS)
  • Spamming
  • Social engineering or phishing of Cobbler employees, contractors, or customers
  • Any attacks against Cobbler's physical property or data centers
  • Storing, sharing, compromising, or destroying any Cobbler data or customer data

Thank you for helping to keep Cobbler and our users safe!