A vulnerability has been found or a vulnerability has been exploited.
Exploiting vulnerabilities is one of the most common techniques used in cyberattacks. Vulnerabilities can exist in software or system design, or result from weak configurations, such as the use of default passwords. Please report any vulnerabilities directly to those affected.
Specific measures
Preventive measures
How the NCSC can help
Further Information
You can report vulnerabilities directly to the affected party or to the NCSC, which will inform them on your behalf.
- Install updates for all installed software programmes and hardware devices as soon as they become available.
- Only expose systems to the internet if they need to be accessible from the internet, and protect these systems with a firewall.
- All remote access must be protected by two-factor authentication (2FA). You should also implement and enforce a password policy to prevent the use of weak passwords (e.g. '123456', or 'password').
- The NCSC analyses reported vulnerabilities and notifies the affected company so that it can fix the problem, if needed.
- If the vulnerability is serious, the NCSC will inform critical infrastructure operators or the public.
- Your report via the online form helps the NCSC identify trends. This makes it possible for the NCSC to raise public awareness in a targeted way.
To ensure your company is informed quickly if a vulnerability is found, the NCSC recommends adding your security contact details to a security.txt file.
Last modification 14.10.2025
