Request a CVE ID

CVE Identifier (CVE ID) number reservation allows vulnerability researchers and vendors to include CVE IDs in the initial public announcement of a newly discovered vulnerability, and ensures that the CVE ID is instantly available to all CVE users and makes it easier to track vulnerabilities over time. If your organization is a CVE Numbering Authority (CNA), use our web form to request a block of CVE IDs.


New Method to Request CVE IDs, Updates, and More from MITRE in Effect

Beginning on August 29, 2016, requestors must complete the "CVE Request web form" as indicated in step 3 below to request a CVE ID from MITRE. The form can also be used to request a block of CVEs (for CNAs only), request an update to a CVE, provide notification about a vulnerability publication, or submit comments.

The previous practice of submitting requests via email has been discontinued.

See the CVE Request Web Form Overview and Web Form Tip Sheet.


Follow these steps to request a CVE ID:


Verify that the issue is covered by CVE's current product coverage goals.

If YES, proceed to step 2.


Contact a CVE Numbering Authority (CNA)

Organizations participating as CNAs are the primary method through which CVE IDs are assigned. To have your issue considered, contact a participating CNA organization directly regarding the issue. If the request is accepted, the organization will include a CVE ID for the issue in its initial public announcement about your new vulnerability.

Contact an Emergency Response Team

Alternatively, you may contact an emergency response or vulnerability analysis team such as CERT/CC, etc., and if the request is accepted, that organization will work to have a CVE ID assigned to the issue. Or, you may post the information to mailing lists such as BugTraq or oss-security and, if accepted, the issue will eventually be assigned a CVE ID by a CNA.


Alternative Method

If you are unable to obtain a CVE ID via the methods cited above, you may request a CVE ID directly from MITRE using our CVE ID Request web form (view guidance).

Upon completion of the form, you will receive a confirmation message that includes a reference number. MITRE will work with you to reserve a CVE ID while you work through the process of publicly disclosing the vulnerability.

Go to the CVE Request web form.

A PGP key is available for encrypted communications:

Key ID:		8B5618B6
Fingerprint:	3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6
Key size:	4096
Public key:	Click to download

NOTE: PGP key updated August 2016

Page Last Updated or Reviewed: January 13, 2017