Please read steps 1 through 6 below.
Choose "Login with Google" in the lower left (note: only our Production environment is open to users).
Enter login information in the accounts.google.com popup window (i.e., not in the main window labeled "Portal").
After login, a Reserve One CAN button becomes visible. Click that.
You'll get a CAN-YYYY-####### request tracking number (NOT a CVE ID number). Then, click on that CAN link in the ID column of the table.
Enter vulnerability details.
The Vulnogram CVE Services documentation may be useful. Your ID request may be delayed if you do not include the following elements, at minimum:
"Problem types", "Vendor or project", "Product name", "Version", "Vulnerability Description", and "References URL".
CVSS 4.0 or 3.1 information is helpful.
However, if you are omitting it, be sure to click the red “×” in the upper right of the Metrics section.
Press Submit Request.
This reaches the CNA-LR team, who will review as soon as possible. In the meantime, please do not use the CAN number as a public vulnerability ID.
At the CAN link in the coming days, look for YOUR REQUEST WAS ACCEPTED AND ASSIGNED THIS CVE ID.
You can share that CVE ID number for your vulnerability.
Please report vulnerabilities in this application by using the cveform-legacy.mitre.org website. MITRE offers this application as a CVE Program partner, and the terms of use apply. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999-2026, The MITRE Corporation. CVE is a trademark and the CVE logo is a registered trademark of The MITRE Corporation. This CVE ID Request form is a derivative work of earlier code (distributed under the MIT License) from Vulnogram, which is Copyright © Chandan B.N, 2017-2026.