Request a CVE Identifier

CVE Identifier (CVE ID) number reservation allows vulnerability researchers and vendors to include CVE IDs in the initial public announcement of a newly discovered vulnerability, and ensures that the CVE ID is instantly available to all CVE users and makes it easier to track vulnerabilities over time.

IMPORTANT NOTICE

Method to Request CVE IDs Changing Soon

A “CVE Request” web form is replacing the cve-assign@mitre.org email address effective August 29, 2016. CVE ID requestors will complete the “CVE Request” web form when requesting a CVE ID directly from MITRE.

The previous practice of submitting requests via email will be discontinued.

Learn more


Follow these steps to request a CVE ID:

1

Verify that the issue is covered by the CVE's current data sources, product coverage, and coverage goals.

If YES, proceed to step 2.

2

Contact a CVE Numbering Authority (CNA)

Organizations participating as CNAs are the primary method through which CVE IDs are assigned. To have your issue considered, contact a participating CNA organization directly regarding the issue. If the request is accepted, the organization will include a CVE ID for the issue in its initial public announcement about your new vulnerability.

Contact an Emergency Response Team

Alternatively, you may contact an emergency response or vulnerability analysis team such as CERT/CC, etc., and if the request is accepted, that organization will work to have a CVE ID assigned to the issue. Or, you may post the information to mailing lists such as BugTraq or oss-security and, if accepted, the issue will eventually be assigned a CVE ID by a CNA.

3

Alternative Method

If you are unable to obtain a CVE ID via the main methods cited above, you may request a CVE ID directly from the CVE project.  CAUTION: The processing of such requests is based upon the availability of our analysts; there is no set turnaround time as to when you may receive a response.

To reserve a CVE ID number before publicizing a new vulnerability, vulnerability researchers may contact cve-assign@mitre.org and we will provide you with our "CVE ID Reservation Guidelines for Researchers" document. We will then work with you to assign a CVE ID for the issue while you work through the process of publicly disclosing the vulnerability.

Please review the Researcher Responsibilities prior to contacting us.

A PGP key is available for encrypted communications:
Key ID: 8B5618B6
Fingerprint: 3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6
Key size: 4096
Public key: Click to download
NOTE: PGP key updated August 2016
 
Page Last Updated: August 23, 2016