This form can be used to report an RBP (Reserved But Public) CVE ID. In other words, a CVE ID is publicly used (e.g., in a published security advisory) but the CVE Record data is not yet available on the cve.org website because of a publication delay by the CNA.
Choose "Login with Google" in the lower left (only our Production environment is open to users).
Enter login information in the accounts.google.com popup window (i.e., not in the main window labeled "Portal").
Enter information about an RBP CVE ID and the URL at which it is being used.
Other information, especially if you believe these are not the correct CVE IDs for the vulnerabilities, may also be useful.
Press Submit Request.
You will receive a request ID number that can be used to update your responses at a later time.
Once you've completed this form, we will notify you by email when we place a response here.
This may take a few days in some cases. In the meantime, please make updates (after doing Load Ticket) if you have new information.
Please report vulnerabilities in this application by using the cveform-legacy.mitre.org website. MITRE offers this application as a CVE Program partner, and the terms of use apply. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999-2026, The MITRE Corporation. CVE is a trademark and the CVE logo is a registered trademark of The MITRE Corporation. This CVE form is a derivative work of earlier code (distributed under the MIT License) from Vulnogram, which is Copyright © Chandan B.N, 2017-2026.