Discovered a security vulnerability?

Tell us about it

Vulnerabilities found on listed ESET Websites

Our partnership with HackTrophy helps us to stay ahead of any potential threats. Let us know about any security issues on our websites and claim your reward.

Vulnerabilities found in ESET Products or on Other Websites

If you believe you have found a vulnerability in any ESET product or web application, please inform us confidentially.

If you believe you have found a vulnerability in any ESET product or web application, please inform us confidentially.

Before submitting the report, please read the Report Policy and Out of Scope section.

Please note that we will not initiate a law enforcement investigation or any lawsuit against you for the content of the report.

Sensitive and Personal information

Never attempt to access personal information or sensitive data. If you obtain sensitive or personal information during your security research, follow these steps:

- STOP your research or actions that include data or personal information immediately

- DO NOT save, copy, disclose, transfer or do any activity related to data or personal information

- ALERT us immediately and support us in the mitigation effort

Out of scope vulnerabilities

Report Policy

  • Reach out to us via security@eset.com
  • Reports and all related materials are encrypted by PGP public key
  • Include your organization & contact name
  • Write a clear description of the potential vulnerability
  • Add all information needed to validate the potential vulnerability
  • Include the ESET product and module version (see KB product and KB module to determine the version number) in reports related to the product
  • Product-related reports should contain a log file from ESET SysInspector if applicable
  • Proof of Concept – please provide as detailed description as you can, including screenshots or video (marked as private when uploaded to stream services)
  • Mitigation suggestions are highly appreciated
  • Include the impact of the potential vulnerability you expect it has on the users, ESET employees or others.
  • Disclosure plans, if any
  • Must be written in the English language

Please note that the reports matching the “Out of Scope” section criteria or not following our Report Policy may be rejected.

ESET is a strong believer in, as well as a practitioner of, the responsible disclosure process and publicly credits security vulnerability reporters for their efforts if they do not wish to remain anonymous.

THANK YOU.