Report Potential Application Security Vulnerabilities

Caterpillar looks forward to working with the security research community to find potential vulnerabilities and keep our businesses and customers safe. If you believe that you have information about a potential cybersecurity vulnerability related to Caterpillar or our affiliates, please submit it through https://Hackerone.com/Caterpillar.

Please include the following information in a document attached to your report:

  • Website URL;
  • Details of the vulnerability, including the type of vulnerability (e.g., vulnerabilities related to input validation, credential management, etc.);
  • Information needed to reproduce and validate the vulnerability, including any proof-of-concept code used for the exploit;
  • Perceived impact(s) of the issue, including how an attacker could exploit it;
  • Any additional contact information we may need; and
  • Any other pertinent details.


You should receive a confirmation of receipt within 72 hours. If for some reason you do not receive such a response, please follow up with us to ensure that we received your original message.

We value the positive impact of your work and thank you for notifying Caterpillar of this matter.

Issues considered out of scope for this program include, but are not limited to:

  • Physical configuration issues
  • Facility security gaps
  • Phishing attacks
  • Equipment damage through physical harm
  • Operational efficiency issues
  • Descriptive error messages (e.g., stack traces, application or server errors)
  • HTTP 404 codes/pages or other HTTP non-200 codes/pages
  • Clickjacking and issues only exploitable through clickjacking
  • Disclosure of known public files or directories (e.g., robots.txt)
  • Lack of a security speedbump (interstitial warning) when leaving the site
  • Brute force against login or forgot-password pages, and account lockout not being enforced