Sign In with your
Trend Micro Account

Vulnerability Responses

Trend Micro endeavors to develop and release products that meet the highest standards of quality and security. However, there are rare occasions where an unintended vulnerability may be discovered due to various reasons, including new types of exploits that may be developed after the release of a product.

We take and investigate every vulnerability report very seriously and we are committed to thoroughly resolving any issues in a timely manner. Trend Micro follows the guidelines of responsible disclosure to ensure its customers address potential vulnerabilities as quickly as possible to mitigate associated risks.

Vulnerability Definition

A Security Vulnerability is defined as a weakness or flaw found in a product or related service component(s) that could be exploited. It may allow an attacker to compromise the product's integrity. At the same time, it may undermine the regular behavior of the product even when properly deployed in supported configuration. This includes situations wherein the confidentiality (e.g. source code) of a product or service component(s) may be negatively affected.

Traditional product bugs and malware can also negatively affect the operation of a product. However, for the purpose of this process, these are not included in the definition of a security vulnerability.

Trend Micro highly recommends that security researchers contact the Trend Micro's Product Security Incident Response Team (PSIRT) by sending an email to

Report a Vulnerability

  • Submitters are encouraged to utilize Trend Micro’s Product Security PGP key (Key ID: 08FF-B553-F625-033A) to encrypt sensitive information sent to this address.
  • A Trend Micro PSIRT Vulnerability Coordinator will acknowledge the receipt of the submission and then begin the process of collaborating with the submitter and Trend Micro product security engineers on validating, reproducing, and ultimately resolving the potential issue if it is confirmed to be a legitimate security vulnerability.
  • Trend Micro's goal is to resolve confirmed vulnerabilities as quickly and thoroughly as possible, then efficiently distribute the resolution to affected customers.
  • Since each vulnerability is unique, the time frames in which they are addressed can vary. Ongoing dialog is highly encouraged to best understand the vulnerability and possible risks.
  • Responsible security researchers understand that customer security is a priority. This means customers are given ample time to deploy the fixes before any findings are released on a public forum, blog, or social media platform.
  • If necessary, Trend Micro will release a security bulletin when a fix or mitigation is publicly available and will work with submitters on coordinated disclosures (if desired).
  • Security bulletins will typically include CVE assignments if the vulnerability meets the necessary criteria, and Trend Micro is the recognized CVE Numbering Authority (CNA) issuer for CVEs that are attributed to Trend Micro products.
Please note: only emails regarding product vulnerabilities should be sent to Regular product support, including malware and other threat-related inquiries, should be directed to your region's authorized Trend Micro Technical Support representative.
Vulnerability Products Last Updated Date Published
Vulnerability Products Last Updated Date Published

Trend Micro would like to thank the following security researchers and organizations for working with us to resolve one or more security vulnerabilities in our products and services. The names of individuals or organizations listed below have disclosed one or more security vulnerabilities and have actively worked with Trend Micro engineers to resolve these vulnerabilities.

The names of individuals and organizations appear below with their permission.

Disclosures for 2022

  • Ahmed Abdul Rahman
  • Amaranath Moger
  • changyi (常亦), 3imple0ne(何文杰)
  • Goutham A S
  • Jebarson Immanuel
  • Nikhil Rane
  • Ramansh Sharma

Disclosures for 2021

  • 4n_curze (Ankur Vaidya)
  • Arshad. U
  • Ashwin Suresh
  • Bao Chau (CyRadar)
  • blacksolo
  • Cuong Van Bui (VNCERT/CC)
  • Edgar Carrillo Egea
    Twitter - @ecarrilloeg
  • Foysal Ahmed Fahim
  • Gaurang Maheta
  • Gourab Sadhukhan
  • Harinder Singh (S1N6H)
  • Haris Ashraf
  • Hieu Tran Nam
  • Honc (章哲瑜)
  • Husain Murabbi (cyber_humans)
  • Ivan Šincek (Offensive Security Engineer)
  • Jaaziel Sam Carlos - Security Professional
  • Joël Ettinger
  • Johnatan Camargo
  • Julien REYNAUD
    Accor - Security Project Manager
  • Kartik Khurana
  • Khan Jnany
  • Mansoor Rangwala (cyber_humans)
  • Marcos Nocetti
  • Movitz Sunar
  • Omar Mahmoud
  • Parasect
  • Parth Srivastava (Protiviti India Member Private Limited)
  • Pooja Premchand Jaiswal
  • Ranjit Adhikari
  • Richard Davy – ECSC Group
  • Roman Chekhov / Yawergam
  • Sanjok Karki (TheSanjok)
  • Sanyam Chawla
  • Sepehr chegeni (morningst4r)
    Twitter - @Homelesscyber
  • Shreyal Jain
  • Shuvam Adhikari
  • Siddharth Parashar
  • Wasi Junaidi
  • Xavier DANEST - Decathlon

Disclosures for 2020

  • Ai Ho (@j3ssiejjj)
  • Arno Tsai
  • Astroicers (陳齊修)
  • bbbbohman
  • BugStrix Team
  • Chi Tran
  • Dhanumaalaian.R
  • Duelim-Noth (沈彧璿)
  • Faisal Mehmood
  • Hoang Quoc Thinh (@g4mm4)
  • Honc (章哲瑜)
  • Hou JingYi (@hjy79425575)
    qihoo 360 CERT
  • Hzllaga (宋昕岳)
  • Jaaziel Sam Carlos
  • Jacob G. Deniega
  • Johnatan Camargo
  • Lasse Trolle Borup
    Danish Cyber Defence
  • Julien Cretel (@jub0bs)
    Blog -
    Twitter -
  • Marco Altenseuer, SPIRIT/21 GmbH
  • Mark Jadek
    Blog -
    Twitter -
  • Miguel Santareno
  • Mohammad Hosein Askari
  • Muhammad Usman
  • Noth (沈彧璿)
  • Pankaj Kumar Thakur (Nepal)
  • Paras Arora
    CEO & Founder PAC Security LLP (
  • Pritam Mukherjee
  • Raphael Karger
  • Si Thu
  • Sumit Grover
  • Talha Saeed
  • Vikas Rawat
  • Wai Yan Aung
  • Xavier DANEST - Decathlon

Disclosures for 2019

  • Aditra Andri Laksana
  • Arif Khan
  • Asim Mahmood
    Security Researcher
  • Athul Jayaram
    Security Researcher
  • Attila Marosi-Bauer
    Hacktivity Lab
  • Ben Leonard-Lagarde
    Security Researcher
  • BlackSpace 黑杜科技
  • Cody Ward
    Risker Cyber Security & Finance
  • Dhiraj Mishra
  • Fabergé
  • Harsh Joshi
  • Honc (章哲瑜)
  • Jaaziel Sam Carlos
  • Jhang Jhe Yu
    Security Researcher
  • Joel Verghese (KrizzSK)
  • John Page aka hyp3rlinx
  • Johnatan Camargo from PBI | Dynamic IT Security
  • Kamal Elsayed Hussein
  • Kushagra Pathak
  • Lacroute Serge
  • Mart Gil Robles
    Pinoy Security Researcher
  • Mohamed Fadel Khaled Bakir Ali
  • Muhammad Osama
  • Nafiez (@zeifan)
  • Oliveira Lima Jr.
  • Pankaj Kumar Thakur (Nepal)
  • Ronak Nahar
  • Sameer Phad (@sameerphad72)
  • Silton (Tempest Security Intelligence)
  • Shady Gamal
  • Trần Văn Khang (aka Khang Kì Tổ)
    Infiniti Team, VinCSS (a member of Vingroup)
  • Thurein Soe
  • Wai Yan Aung
  • Xavier DANEST - Decathlon
  • Youssef A. Mohamed (GeneralEG)
  • Zach Edwards
  • Zeel D. Chavda
  • 韶 (8/29)
    Taiwan Security Researcher

Disclosures for 2018

  • Abdulkadir Mutlu
  • Abdullah H. AlJaber (@al_jaber)
  • Amr Salah
  • Arın Doruk Çelikel
  • Athul Jayaram
  • B.Dhiyaneshwaran
  • Black Space (黑杜科技)
  • Chieh Yu
  • Dan Fabro
  • Dinesh Manoharan
  • Geethu Sivakumar
    CEO, Pace Hitech |
  • Gehan Kaushal
  • Hassy Vinod
  • HeinHtetAung(UCSMGY)
  • Honc (章哲瑜)
  • Honc (陳逸璋)
  • İsmail Şentürk
  • Jaaziel Sam Carlos
  • Jhang Jhe Yu
    Security Researcher
  • Jithin D Kurup
  • Kağan IŞILDAK
    @kaganisildak, Gais Security
  • Kdiag Haci
    Taiwan No.1
  • Ketan Madhukar Mukane |
  • M. Eren Buyru
  • Macall Salugsugan
  • Michael Bailey
    FLARE Team at Mandiant, a FireEye Company
  • Muhammad Uwais
  • Noriaki Iwasaki
    Cyber Defense Institute, Inc.
  • Onc 章 - 張書豪
  • Pranshu Tiwari
  • Phong Tran (nekard)
  • Rasheed T
  • Ratnadip Gajbhiye (Mr.Ch4rLi3)
  • Rehan Arain
  • Remesh Ramachandran
  • Rico A. Silvallana
    Security Researcher
  • Ryan Warns
    FLARE Team at Mandiant, a FireEye Company
  • S Naveen Kumar
  • Suhas Sunil Gaikwad
  • Syed Sohaib Karim
  • Wai Yan Aung
  • Wen Bin Kong | @kongwenbin
    Houbi Dist.

Disclosures for 2017

  • Aaron Devaney
  • Adesh Nandkishor Kolte
  • Ahsankhan
  • Alec Blance
  • Arbin Godar
  • Bart Leppens
  • Black Space (黑杜科技)
  • Dinesh Manoharan
  • Eliran Itzhak
  • Florian Charbonneau
  • Gamiel Xavier V. Manbiotan
  • Geethu Sivakumar
    CEO, Pace Hitech |
  • Himanshu Mehta
  • Himanshu Rahi
  • Ho_nc(章哲瑜)
  • Honc (章哲瑜)
  • Honc - 章哲瑜
  • John Carroll
  • Jolan Saluria
  • Khair Alhamad
  • Mahmoud Abdelmonem
  • Md. Nur A Alam Dipu
  • Mohammed Israil
  • Muhammad Osama
  • Natanmai Deepak Sundararajan
  • Pal Patel
  • Peter Lapp
  • Pratik Luhana
  • Richard Alviarez
  • Sadik Shaikh
  • Suvadip Kar
  • Suyog Palav
  • Trí Cao Hơn Núi
    Con cháu của Nùng Trí Cao
  • Vasim Shaikh
  • Vineet Kumar
  • Wai Yan Aung
  • Zawad Bin Hafiz

Disclosures for 2016

  • Amine Hm
  • Aniket Pawar
  • Armaan Pathan
  • Ashutosh Barot
  • Center of Information Security, Kyrgyzstan
  • Emad Abou Shanab | @Alra3ees
  • Evan Ricafort
    Invalid Web Security |
  • Gregory Draperi
  • Himanshu Mehta
  • Iwo Graj
    CERT Orange Polska |
  • Jerold Camacho
    Invalid Web Security |
  • John Page aka hyp3rlinx
  • Jose Carlos Exposito Bueno
  • Jun Kokatsu
    KDDI Singapore Dubai Branch
  • Kamran Saifullah
    Ch Mansab Ali |
  • Karim Rahal
  • Kaushik Roy
  • Mansoor Gilal
  • Muhammad Mudassar Yamin
  • Oliveira Lima JR | @oliveiralimajr
  • Quentin Kaiser
  • Sachin Wagh
  • SaifAllah benMassaoud
    Government Laboratory & Evolution Security GmbH
  • Shawar Khan
  • Shehu Awwal
  • Shivram Chouhan
  • Spyridon Chatzimichail
    OTE Hellenic Telecommunications Organization S.A
  • Sumit Sahoo
  • Tayyab Qadir
  • Travis Emmert
  • Wayne Low
    FortiGuard Labs | @x9090
  • YoKo Kho
    Mitra Integrasi Informatika, PT - Consulting & Advisory Svc. Dept. | @yokoacc
  • Zawad Bin Hafiz
  • Zeeshan

Disclosures for 2015

  • AbderrazakYS
  • Ahmed Adel Abdelfattah
  • Ahmed Jerbi
  • Ali Hassan Ghori
  • Ali Salem Saeed (Ali BawazeEer)
  • Christian Galeone
  • Jayaram Yalla
  • John Page aka hyp3rlinx
  • k.karthickumar (Ramanathapuram)
  • Kevin Michael Joensen
    Secu A/S
  • Khair Alhamad
  • Konduru Jashwanth
  • Lawrence Amer
  • Mohamed A. Baset
    Seekurity Inc.
  • Mohamed Chamli
  • Mohamed Khaled Fathy
  • Nathan Young
    E-Secure Australia
  • Nithish M. Varghese
  • Pradeep Kumar
  • Praveen Ananthoji
  • Ramin Farajpour
  • Roberto Zanga
  • Roy Jansen
  • SaifAllah benMassaoud
  • Sajibe Kanti
  • Salman Khan
  • Saurabh Pundir
  • Shivam Kumar Agarwal
  • Siddhartha Tripathy
  • Sravan Kudikyala
  • Sumit Sahoo
  • Vishwaraj Bhattrai

We would also like to thank the security researchers and organizations who wished not to be listed.

To report a potential security issue with any of Trend Micro Products, refer to this section: Report a Vulnerability.

Trend Micro's PSIRT is an active member of the following organizations:

Organization Role Website
cvelogo-alt.png Trend Micro is the primary CVE Numbering Authority (CNA) for issuing CVEs for vulnerabilities in Trend Micro Products. CVE - CVE Numbering Authorities (
first-org.png Trend Micro PSIRT is a member of Forum of Incident Response and Security Teams (FIRST). FIRST Teams