McAfee Vulnerability Disclosure Program

    McAfee is committed to the security of our customers, products, and digital ecosystem. We value the contributions of the security research community and welcome reports of potential security vulnerabilities in McAfee products and websites through responsible disclosure as described in this program bulletin.

    Report a Security Vulnerability

    To report a finding, please send a detailed email to psirt@mcafee.com.

    Your report must include the following:

    • Summary of the vulnerability
    • Detailed steps to reproduce the issue, including sample code, screenshots, or video (the Proof of Concept must demonstrate a confirmed, exploitable vulnerability; potential or theoretical vulnerabilities will not be considered)
    • CVSS 4.0 Score with Base and Temporal Score values
    • Remediation suggestions, if any
    • Disclosure plans, if any

    For product vulnerabilities, please include:

    Field Details Required
    Product name e.g., McAfee Total Protection
    Product version e.g., 16.x
    Operating system e.g., Android 14, Windows 11

    For website vulnerabilities, please include:

    Field Details Required
    Website URL Full URL where the issue was identified
    Browser name e.g., Chrome, Firefox
    Browser version e.g., 124.0

    A member of the McAfee Product Security Incident Response Team (PSIRT) will acknowledge your report, work with internal engineering teams to investigate the finding, and coordinate response and remediation where applicable.

    PGP-encrypted submissions are encouraged. McAfee PSIRT PGP Key: Download

    PSIRT Policy Statements

    Researcher Recognition McAfee recognizes and values security researchers who make meaningful contributions through responsible disclosure. Qualifying researchers will receive:

    • Certificate of Appreciation - a personalized certificate issued by the McAfee CISO acknowledging the researcher's contribution to improving the security of McAfee products or services.
    • McAfee Distinguished Contributor Badge – a digital badge that researchers may display publicly on LinkedIn, personal websites, and other professional or social media platforms to showcase their recognition by McAfee.

    Recognition is granted to researchers who:

    1. Report a validated, in-scope vulnerability with a complete and actionable Proof of Concept.
    2. Follow responsible disclosure practices and do not publicly disclose, discuss, or publish details of the vulnerability, including technical specifics, exploit methods, or affected components, at any time.
    3. Have not disclosed the finding to any third party prior to McAfee completing its remediation process.

    Important: Receipt of a Certificate of Appreciation or Distinguished Contributor Badge does not authorize the researcher to share with any third party what vulnerability was found, how it was exploited, or any technical details related to the finding. Recognition acknowledges the researcher's contribution - not permission to disclose.

    No Favorites: McAfee addresses validated vulnerabilities consistently across its customer base. No customer receives advanced notice of a fix unless explicitly authorized by the CISO under a strict NDA on a case-by-case basis.

    CVSS Scoring: McAfee uses the most current version of the Common Vulnerability Scoring System (currently CVSS v4.0) for internal severity assessment and prioritization. Base scores are required; temporal and environmental scores are optional.

    Contact

    Channel Details
    McAfee PSIRT Email psirt@mcafee.com
    PGP Key Download Zip
    Product/subscription issues Contact Support
    URL classification Learn More

     

    * Important Terms and Offer Details:

    .

    -Subscription, Free Trial, Pricing and Automatic Renewal Terms:

    • The amount you are charged upon purchase is the price of the first term of your subscription. The length of your first term depends on your purchase selection. 30 days before your first term is expired, your subscription will be automatically renewed on an annual basis and you will be charged the renewal subscription price in effect at the time of your renewal, until you cancel (Vermont residents must opt-in to auto-renewal.)
    • Unless otherwise stated, if a savings amount is shown, it describes the difference between the introductory first term price (available only to customers without an existing McAfee subscription) and the renewal subscription price (e.g., first term price vs. each year thereafter).
    • Pricing is subject to change. If the renewal price changes, we will notify you in advance so you always know what’s going on.
    • You can cancel your subscription or change your auto-renewal settings any time after purchase from your My Account page. To learn more, click here.
    • You will be provided a full refund upon request, by contacting Customer Support within 30 days of your initial purchase or 60 days of auto-renewal.
    • Your subscription is subject to our License Agreement and Privacy Notice. Subscriptions covering "all" devices are limited to supported devices that you own. Product features may be added, changed or removed during the subscription term.  Not all features may be available on all devices.  See System Requirements for additional information.
    • Free Trial Terms: At the end of your trial period you will be charged $39.99 for the first term. After the first term, you will be automatically renewed at the renewal price (currently $109.99/yr). We will charge you 7-days before renewal. You can cancel at any time before you are charged. ​
    • Plans with unlimited device protection cover only household devices that you own for personal, non-commercial use, and are subject to our fair use policy. If you have an issue adding a device, please contact Customer Support.

    -**Free Benefits With Auto-Renewal:

    • For many qualifying product subscriptions McAfee offers additional benefits for free when you are enrolled in auto-renewal. You can check your eligibility for these benefits in your My Account page. Not all benefits are offered in all locations or for all product subscriptions.  System Requirements apply.   Turning off auto-renewal terminates your eligibility for these additional benefits. 
    • Virus Protection Pledge (VPP): If we cannot remove a virus from your supported device we’ll refund you the amount you paid for your current term subscription.  The refund does not apply to any damage or loss caused by a virus.  You are responsible for backing up your data to prevent data loss. See terms here: mcafee.com/pledge.

    -‡Additional Terms Specific to Identity Monitoring Service:

    • Eligibility: McAfee® Identity Monitoring Service Essentials is available within active McAfee+ Premium, McAfee+ Advanced, McAfee+ Ultimate, McAfee Total Protection and McAfee LiveSafe subscriptions. Not all identity monitoring elements are available in all countries. See License Agreement for more information. 
    • Your subscription is subject to our License Agreement and Privacy Notice. Product features may be added, changed or removed during the subscription term. Some features may require registration and a valid ID number to activate. See System Requirements for additional information.
    • While McAfee Identity Monitoring Service provides you tools and resources to protect yourself from identity theft, no identity can be completely secure.
    • US Only:
      Fair Credit Reporting Act: You have numerous rights under the FCRA, including the right to dispute inaccurate information in your credit report(s). Consumer reporting agencies are required to investigate and respond to your dispute, but are not obligated to change or remove accurate information that is reported in compliance with applicable law. While this plan can provide you assistance in filing a dispute, the FCRA allows you to file a dispute for free with a consumer reporting agency without the assistance of a third party.
    • Identity theft coverage is not available in New York due to regulatory requirements.

    -Additional Terms Specific to customers with Identity Theft Coverage​

    • Purchase required to activate Identity Theft Coverage.​
    • United States Customers: For residents of states other than the State of New York, the expense reimbursement insurance benefit for members is insured by insurers led by underwriters of Lloyd’s, under a master group policy issued in the name of Sontiq, Inc., and all of its subsidiaries for the benefit of members. The complete policy is available from Sontiq on request. Claims will be reviewed by the insurer in accordance with the terms and conditions of the master group policy. Restoration services are provided by Sontiq, Inc.​ ​ ​

    -‡Additional Terms Specific to Scam Detector:

    • Video Scams is currently trained only on English audio. Scanning non-English audio in videos might give less accurate results. No AI is perfect, but we’re committed to improving its reliability for your protection. See here for more information.

      TechMate :

    • Your TechMate license(s) is available with the purchase of a qualified TechMaster Concierge subscription and is accessible for the duration of your paid subscription.
    • TechMate is only available for Windows Vista, 7, 8.1, and 10.

      TechMaster Single Incident Services :

    • Purchase of a single incident service, such as Device Set Up or Advanced Troubleshooting, is good for one issue. In the event the issue recurs within 7 days, there will be no additional charge for service on the same device for the same issue.
    • See our System Requirements for information on qualified devices.

    Products

    McAfee+™ Individual
    McAfee+™ Family
    McAfee® Total Protection
    McAfee® Antivirus
    McAfee® Free Antivirus
    McAfee® PC Optimizer
    McAfee® Mobile Security

    Features

    Password Generator
    McAfee Smart AI™
    Scam Detector
    Deepfake Detector
    Credit Monitoring
    Personal Data Cleanup
    Social Privacy Manager
    Online Account Cleanup
    Parental Controls
    Protection Score

    Resources

    McAfee Smart AI Hub
    McAfee AI News
    About Deepfakes
    Blogs
    Learn with McAfee
    McAfee Labs
    Malware
    Activate Retail Card
    Downloads
    Responsible AI
    Customer Scam Awareness

    Support

    Customer Service
    FAQs
    Renewals
    McAfee Assist
    Report a Scam
    Report Phishing

    asdf

    About

    About McAfee
    Careers
    Contact Us
    Newsroom
    Investors
    Legal Terms
    Your Privacy Choices California Consumer Privacy Act (CCPA) Opt-Out Icon
    System Requirements
    Sitemap

      United States / English Copyright © {{new Date().getFullYear()}} McAfee, LLC
    Copyright © {{new Date().getFullYear()}} McAfee, LLC
    United States / English