DISCOVERED A SECURITY
VULNERABILITY?

Tell us about it

Security is a process, not a destination. That's why you can report any security vulnerability affecting ESET products or resources, just drop us a line to security@eset.com.

We treat all reports with high priority and investigate all issues directly with the reporter as quickly as possible. Please when you make a report, do so in English via security@eset.com and include the following information:

  • Target – ESET server identified by IP address, hostname, URL and so forth or the ESET product, including version number (see our KnowledgeBase article to determine the version number)
  • Type of issue – the type of vulnerability (e.g. according to OWASP, such as cross-site scripting, buffer overflow, SQL injection, etc.) and include a general description of the vulnerability.
  • Proof-of-concept and/or URL demonstrating the vulnerability – a demonstration of the vulnerability that shows how it works. Examples include:
    • URL containing payload – e.g. XSS in GET request parameters
    • Link to general checker – e.g. SSL vulnerabilities
    • Video – generally useable
      (if uploading to a streaming service, please mark it as private)
    • Log file from ESET SysInspector (see how to create ESET SysInspector log) or Microsoft Problem Steps Recorder (see how to use Problem Steps Recorder), if applicable
    • Please provide as detailed a description as you can, or send us a combination of any of the previous choices.
  • We warmly welcome any recommendations on how to fix the vulnerability, if applicable.

To encrypt your email communications to us, please use our PGP public key.

ESET is a strong believer in, as well as a practitioner of, the responsible disclosure process and publicly credits security vulnerability reporters for their efforts if they do not wish to remain anonymous.

Thank you.
ESET