Product Security

We provide products and services that store and transfer data with the understanding that protecting data is critical to our users. We strive to innovate and enhance our products to provide increased privacy and security. Transparency of our privacy and security practices is essential to our commitment to users, and to that end, we have created this web page to provide timely information.

Bulletins

2022

WDC-22007 SanDisk Professional G-RAID 4/8 Software Utility setup for Windows, Privilege Escalation

WDC-22006 My Cloud OS 5 Firmware 5.21.104

WDC-22005 Netatalk Security Vulnerabilities

WDC-22004 EdgeRover Desktop App Version 1.5.1-594

WDC-22003 EdgeRover Desktop App Version 1.5.0-576

WDC-22002 My Cloud OS 5 Firmware 5.19.117

WDC-22001 My Cloud OS 3 Firmware 2.12.144

2021

WDC-21016 Apache Log4j 2 Remote Code Execution Vulnerability Analysis

WDC-21015 Important Security Updates for Your My Cloud Device

WDC-21014 SanDisk SecureAccess Software Update

WDC-21013 EdgeRover Desktop App Version 1.4.1-517

WDC-21012 My Cloud OS 5 Firmware 5.18.117

WDC-21011 My Cloud Firmware Version 5.17.107

WDC-21010 My Cloud - files.mycloud.com XSS Vulnerability

WDC-21009 My Cloud Firmware Version 5.15.106

WDC-21008 Recommended Security Measures for WD My Book Live and WD My Book Live Duo

WDC-21007 EdgeRover Windows App Version 0.25

WDC-21006 My Cloud - files.mycloud.com XSS Vulnerability

WDC-21004 Recommended Upgrade to My Cloud OS 5

WDC-21003 ArmorLock, Insecure Key Storage Vulnerability

WDC-21002 My Cloud Firmware Version 5.10.122

WDC-21001 My Cloud, My Cloud Home and SanDisk ibi Web Version 4.13.0

2020

2019

Report a Security Issue

To report a security issue you believe you have found in a Western Digital product or service, please email the details of your findings to PSIRT@wdc.com. Messages sent to any other email addresses may result in a delayed response.
When possible, please include the following:

The specific product(s) or service(s) affected, including any relevant version numbers;
Details about the impact of the issue;
Any information that can help reproduce or diagnose the issue, including a Proof of Concept (PoC) if available; and
Whether you believe the vulnerability is already publicly disclosed or known to third parties.

Please use our PGP/GPG key to encrypt the information before sending it.

Vulnerability Disclosure Program

Western Digital follows a coordinated vulnerability disclosure process. For more information on the scope of our vulnerability disclosure program and what you can expect when working with Western Digital, see our Vulnerability Disclosure Policy.

Western Digital Vulnerability Disclosure Policy

Sign In

Sign In for Business

Resend Verification Email

Reset Password

{{promotion.info.promoTitle}}

{{promotion.info.promoTitle}}

{{promotion.info.desc}}

Details & Exclusions

Details & Exclusions

Details & Exclusions

Product Security

Bulletins

Report a Security Issue

Get the Latest News and Offers

News and updates straight to your inbox