Skip to main content

Report a cyber security vulnerability

Please report any cyber security vulnerabilities you discover that are not yet publicly known, if they are:

  • high-impact vulnerabilities that may affect many users, critical national infrastructure or physical safety and could occur in software components, protocols or hardware
  • vulnerabilities in websites or systems for big business or government agencies.

Coordinating the disclosure of vulnerabilities can minimise the potential harm caused by those vulnerabilities being exploited. 

This disclosure will give vendors and developers more time to mitigate the vulnerabilities and enable affected systems of national interest to reduce their exposure. 

The ACSC has developed a secure process to enable reporting of a cyber security vulnerability.

Fill in your contact details below and a member of the ACSC will contact you to proceed with the process and provide information about the secure email certificate.


Contact details

By submitting this form you acknowledge that you are not reporting a cybercrime.
To report a cybercrime please use the Report a Cybercrime form.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.