MITRE CVE ID Request and Support Follow-Up: No Confirmation Email Received Despite Anti-Filter Measures

Introduction: The CVE Request Process and Its Challenges

The Common Vulnerabilities and Exposures (CVE) ID request process serves as a cornerstone for identifying and tracking cybersecurity vulnerabilities. Administered by the MITRE Corporation, this system’s efficacy hinges on seamless communication and robust technical infrastructure. However, a recent user experience exposes critical flaws in this process. A cybersecurity researcher submitted a CVE ID request for a zero-day vulnerability via the official form at https://mitre.github.io/mitre-cve-roles/cve-id-request/, only to encounter systemic communication breakdowns. This case underscores the urgent need for process improvements to ensure timely and reliable responses.

The User’s Experience: A Breakdown in Communication

Following submission, the user failed to receive the anticipated confirmation email. To mitigate potential email filtering issues, they proactively added cve-request@mitre.org and cve@mitre.org to their email client’s safe sender list, configured filters to bypass spam folders, and marked MITRE emails as high priority. Despite these measures, the confirmation email never materialized. A subsequent follow-up request via the General Support form elicited no response, leaving the user in a state of operational uncertainty.