Request a CVE Identifier

CVE Identifier (CVE ID) number reservation allows vulnerability researchers and vendors to include CVE IDs in the initial public announcement of a newly discovered vulnerability. It ensures that the CVE ID is instantly available to all CVE users and makes it easier to track vulnerabilities over time. If your organization is a CVE Numbering Authority (CNA), use the web form to request a block of CVE IDs.

IMPORTANT NOTICE

New Method to Request CVE IDs, Updates, and More from MITRE in Effect

Beginning on August 29, 2016, requestors complete the “CVE Request” web form as indicated in step 3 below to request a CVE ID from MITRE. The form can also be used to request a block of CVEs (for CNAs only), request an update to a CVE, provide notification about a vulnerability publication, or submit comments.

The previous practice of submitting requests via email has been discontinued.

Learn more, or visit our helpful CVE Request Web Form Overview (PDF, 505 KB). Interested users may pick up some additional hints from our Tip Sheet (PDF, 472 KB).


Follow these steps to request a CVE ID:

1. Verify that the issue is covered by the CVE's current data sources, product coverage, and coverage goals.

If YES, proceed to step 2.

2. Contact a CVE Numbering Authority (CNA)

Organizations participating as CNAs are the primary method through which CVE IDs are assigned. To have your issue considered, contact a participating CNA organization directly regarding the issue. If the request is accepted, the organization will include a CVE ID for the issue in its initial public announcement about your new vulnerability.

Contact an Emergency Response Team

Alternatively, you may contact an emergency response or vulnerability analysis team such as CERT/CC. If the request is accepted, that organization will work to have a CVE ID assigned to the issue. Or, you may post the information to mailing lists such as BugTraq or oss-security and, if accepted, the issue will eventually be assigned a CVE ID by a CNA.

3. Alternative Method

If you are unable to obtain a CVE ID via the methods cited above, you may request a CVE ID directly from MITRE using our CVE ID Request web form (view guidance).

To request a CVE ID directly from MITRE, complete the “CVE Request” web form. Upon completion of the form, you will receive a confirmation message that the request was received and a reference number. MITRE will work with you to reserve a CVE ID while you work through the process of publicly disclosing the vulnerability.

Go to the CVE Request web form.

A PGP key is available for encrypted communications:
Key ID: 8B5618B6
Fingerprint: 3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6
Key size: 4096
Public key: Click to download
NOTE: PGP key updated August 2016
 
Page Last Updated: August 29, 2016