Domain Verification Form

This form allows organizations - especially non-CNA Suppliers - to associate a user account with a domain name in the CVE Program ticketing system. With verified domain ownership, our reviews of all of your future submissions can be much faster (because we will know they are from an authoritative source), and the public information on the CVE List can be directly attributed to your organization.

  1. Complete initial login by clicking on Portal below.

    Press "Login with Google" in the lower left, and then enter login information in the accounts.google.com popup window (i.e., not in the main window labeled "Portal").

  2. Enter the domain name for the website that describes your products. (You cannot enter a URL.)

    The domain name may have more than one '.' character for a subsidiary or business unit of a larger company (e.g., smallerbiz.bigbiz.com).

  3. Press Submit Request.

    You will receive a value for _cveform-cd-challenge (the value begins with cveform-cd-verification= followed by random characters).

  4. Within 24 hours, someone from your organization must login to your domain registrar or other DNS provider.

    Navigate to the domain name (which must already exist) and then to DNS operations.

  5. Add a new TXT record with the _cveform-cd-challenge name and the given value. Any TTL may be used.

    Typically, a complete domain name such as _cveform-cd-challenge.example.com. is not needed.

  6. Save the new TXT record, and then wait for it to be visible in the public DNS.

    It may take several minutes, and perhaps hours, for the data to be sent from a registrar's website to their DNS servers.

  7. After you have waited, press Submit Request again with the same domain name entered.

    If the process was successful, you will be informed that the domain is now associated with your user account. (Otherwise, it is often effective to retry after a longer wait.)

  8. You can now contribute to the CVE List through the MITRE CNA-LR.

    When a request comes from the product supplier concerning their own product, it is prioritized over other requests, and the CVE data (when public) is displayed in the form "CNA: MITRE Corporation x_ On Behalf Of example.com" on the CVE website.

  9. Domain verification is needed only once regardless of what subsequent tasks occur.

    For example, your domain name is automatically associated with future requests for CVE IDs and Supplier ADP submissions (coming later).

CVE
Not Logged In NEWOpenDownload
IMPORTANT! New API Secret Key generated!

Please securely store this API key.
This key will not be shown again!

API Secret Key
Add a new user



Update user details



 

Please report vulnerabilities in this application by using the cveform-legacy.mitre.org website. MITRE offers this application as a CVE Program partner, and the terms of use apply. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999-2026, The MITRE Corporation. CVE is a trademark and the CVE logo is a registered trademark of The MITRE Corporation. This CVE form is a derivative work of earlier code (distributed under the MIT License) from Vulnogram, which is Copyright © Chandan B.N, 2017-2026.