United States
Australia
United Kingdom
Europe
New Zealand
Canada
The Cybersecurity and Infrastructure Security Agency has launched an online nomination form that lets researchers, vendors, and industry partners report Known Exploited Vulnerabilities, a move intended to speed how quickly the agency can identify, validate, and share high-priority threat information.
CISA said the submission process aligns with its Vulnerability Disclosure Policy Platform and Coordinated Vulnerability Disclosure Program, which are designed to encourage good-faith security research and promote transparent, coordinated remediation of cyber risks. The agency framed public reporting as critical to strengthening national cyber defenses by helping ensure exploited flaws are found early, communicated responsibly, and mitigated quickly across federal, private-sector, and critical infrastructure networks.
“Every day, CISA collaborates with security researchers and industry partners that identify and report exploited vulnerabilities. This new reporting capability enhances CISA’s ability to identify, validate, and quickly share critical threat information,” said Chris Butera, CISA’s Acting Executive Assistant Director for Cybersecurity. “Early detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale. CISA strongly encourages researchers and organizations to share vulnerability threats and help us secure the systems Americans rely on every day.”
The Known Exploited Vulnerabilities catalog serves as CISA’s authoritative list of flaws confirmed to be actively exploited in the wild and includes remediation guidance. Entries in the catalog underpin binding operational directives that require U.S. federal civilian agencies to remediate listed issues by specified deadlines, and many private organizations use the list to prioritize patching.
Researchers and organizations can submit nominations through the new online form or by emailing [email protected]. The KEV catalog is available at cisa.gov/known-exploited-vulnerabilities-catalog.
