Reporting a vulnerability to CERT NZ

A vulnerability is a weakness in software, hardware, or an online service. Vulnerabilities can be exploited to damage a system or access information.

If you find a vulnerability in a service or product, CERT NZ can help you communicate with the vendor whose systems are affected. This is known as coordinated disclosure.

Coordinated vulnerability disclosure balances the needs of the public with the needs of the vendor. The public needs to both report and be informed of vulnerabilities. Vendors need to have time to respond to, and address, vulnerabilities.

It's useful if the finder of a vulnerability:

  • doesn't want to contact the vendor themselves, or
  • hasn't been successful in contacting the vendor directly.

You can report vulnerabilities to CERT NZ for coordinated disclosure.

To report a vulnerability, send a PGP encrypted email to

Our PGP fingerprint is 9713 8773 3D95 7FAD C0EA 1797 8EB8 FFBD D973 476E

Read our coordinated vulnerability disclosure policy before submitting a report.

Coordinated vulnerability disclosure policy