Flexera Trust Center

Reporting Security Vulnerabilities

Last Updated: 2026-05-28 Flexera encourages all entities to report vulnerabilities in a responsible and coordinated manner.

Please report any and all vulnerabilities found in Flexera's products to PSIRT@flexera.com.

Flexera encourages use of encryption when submitting vulnerability information. Please use our PGP public key for communications directed to the Flexera Product Security Incidence Response Team (PSIRT):

Key-ID: 5326 8935 126F D4DE
Fingerprint: 0667 8439 78CB 6129 799E 274B 5326 8935 126F D4DE
Download the public PGP key here: Download PGP Public Key

Known Vulnerabilities

Flexera publishes a CVE list for known vulnerabilities in our products and services.

Security Notifications

Please report suspected security vulnerabilities in Flexera products or services to the Flexera Security Response Team, security@flexera.com.

You should contact the Security Response Team if:

You think there may be a security vulnerability in a Flexera product or service.
You are unsure about how a known vulnerability affects a Flexera product or service.

You should not contact the Security Response Team if:

You are a Flexera customer – see Notifications for more information how customers can best report issues.
You have a confirmed reproduction for a security vulnerability in a Flexera product or service. In this case, please report the issue to the PSIRT team using the contact information above.

Who reads email sent to security@flexera.com

Only members of the Flexera Security Response Team, a restricted and carefully chosen group of Flexera employees, read the emails sent to the security@flexera.com address. No outside users can subscribe to this list.

Information derived from your email may ultimately be shared with Flexera development teams so that they can confirm, diagnose or resolve the issue.

Who reads email sent to psirt@flexera.com

Only a narrow audience of Flexera employees who are members of the Product Security Incident Response Team (PSIRT) will have access to material sent to the psirt@flexera.com address.

Information derived from your email may ultimately be shared with Flexera development teams so that they can confirm, diagnose or resolve the issue.

What to send when reporting security issues

Please provide as much information about the systems involved and the specific approach to reproduce the issue as you are able when contacting us.

How we respond

Email sent to psirt@flexera.com or security@flexera.com is read and acknowledged with a non-automated response within three working days.

Any information you share with us about security issues that are not public knowledge is kept confidential within Flexera. It is not passed on to any third-party without your permission.

Bug Bounties and Rewards

Flexera does not currently offer a bug bounty program.

PSIRT Discovery Attribution

Flexera is happy to attribute the discovery of security vulnerabilities in our products and services to the individuals who report them to us. If you would like to be publicly acknowledged for your discovery, please let us know when you report the issue.

Note that we cannot attribute discoveries in published CVE information as this is against CVE policy and it outside of Flexera's control. However, we can attribute discoveries in our own security advisories and other communications.

Advance notification

Flexera does not provide an advance notification service. Security advisories are available from within our Community. See also Notifications for information about how we communicate security advisories to customers.

Reporting Other issues

You require technical assistance (for example, "how do I configure my firewall?" or "how do I install patches due to security alerts?"). In this case, contact technical support for your product.
Your issue is not security related. In this case, contact technical support for your product.
You want to provide feedback about our standards of service and performance. In this case contact the technical support manager.

Reporting Security Vulnerabilities

Last Updated: 2026-05-28 Flexera encourages all entities to report vulnerabilities in a responsible and coordinated manner.

Please report any and all vulnerabilities found in Flexera's products to PSIRT@flexera.com.

Key-ID: 5326 8935 126F D4DE
Fingerprint: 0667 8439 78CB 6129 799E 274B 5326 8935 126F D4DE
Download the public PGP key here: Download PGP Public Key

Known Vulnerabilities

Flexera publishes a CVE list for known vulnerabilities in our products and services.

Security Notifications

Please report suspected security vulnerabilities in Flexera products or services to the Flexera Security Response Team, security@flexera.com.

You should contact the Security Response Team if:

You think there may be a security vulnerability in a Flexera product or service.
You are unsure about how a known vulnerability affects a Flexera product or service.

You should not contact the Security Response Team if:

You are a Flexera customer – see Notifications for more information how customers can best report issues.
You have a confirmed reproduction for a security vulnerability in a Flexera product or service. In this case, please report the issue to the PSIRT team using the contact information above.

Who reads email sent to security@flexera.com

Information derived from your email may ultimately be shared with Flexera development teams so that they can confirm, diagnose or resolve the issue.

Who reads email sent to psirt@flexera.com

Only a narrow audience of Flexera employees who are members of the Product Security Incident Response Team (PSIRT) will have access to material sent to the psirt@flexera.com address.

Information derived from your email may ultimately be shared with Flexera development teams so that they can confirm, diagnose or resolve the issue.

What to send when reporting security issues

Please provide as much information about the systems involved and the specific approach to reproduce the issue as you are able when contacting us.

How we respond

Email sent to psirt@flexera.com or security@flexera.com is read and acknowledged with a non-automated response within three working days.

Any information you share with us about security issues that are not public knowledge is kept confidential within Flexera. It is not passed on to any third-party without your permission.

Bug Bounties and Rewards

Flexera does not currently offer a bug bounty program.

PSIRT Discovery Attribution

Advance notification

Reporting Other issues

You require technical assistance (for example, "how do I configure my firewall?" or "how do I install patches due to security alerts?"). In this case, contact technical support for your product.
Your issue is not security related. In this case, contact technical support for your product.
You want to provide feedback about our standards of service and performance. In this case contact the technical support manager.