Request a CVE Identifier

CVE Identifier number reservation allows researchers and vendors to include CVE Identifier numbers — also called CVE-IDs and CVEs — in the initial public announcement of a vulnerability, and ensures that the CVE Identifier number is instantly available to all CVE users and makes it easier to track vulnerabilities over time. The methods by which researchers may request CVE Identifier number(s) are described below.

Main Methods

Contact one of the officially recognized CVE Numbering Authorities (CNAs), which will then include a CVE Identifier number in its initial public announcement about your new vulnerability.

Or, contact an emergency response team such as CERT/CC, etc., post the information to mailing lists such as Bugtraq, or provide the information to a vulnerability analysis team.

Alternative Method

If you are unable to obtain a CVE Identifier number via the main methods above, you may request a CVE Identifier number directly from the CVE project. To reserve a CVE Identifier number before publicizing a new vulnerability, vulnerability researchers may contact cve-assign@mitre.org and we will provide you with our "CVE-ID Reservation Guidelines for Researchers" document. Please note that processing of such requests are prioritized based upon the CVE Editorial Board-approved current data sources, product coverage, and coverage goals. We will then work with you to assign a CVE Identifier number for the issue while you work through the process of publicly disclosing the vulnerability.

Please review the Researcher Responsibilities.

A PGP key is available for encrypted communications:
Key ID: 8B5618B6
Fingerprint: 3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6
Key size: 4096
Public key: Click to download
NOTE: PGP key updated April 2016
 
Page Last Updated: April 15, 2016