How to report a security vulnerability

If you have information about a security vulnerability with a CMF by Nothing product or technology, please send an e-mail to
Encrypt sensitive information using our PGP public key. Please provide more detailed information, including:
  • The products and software versions
  • Detailed description
  • Information on known exploits
A member of the CMF by Nothing Security Team will review your e-mail and contact you to collaborate on resolving the issue. only collects security vulnerabilities related to CMF by Nothing products. If you have other product related issues, please give feedback on

PGP Public Keys

Use the public PGP key to encrypt email with sensitive information and to verify that security communications sent by CMF by Nothing are genuine.
  • Active Date: December 4, 2023
  • Expiration Date: Never
  • Key ID: 5FC6 17E8
  • Key Type: RSA
  • Fingerprint: BC02435AAC1506132BD2235BAA45224A5FC617E8
  • User ID: