Definition

What is Zero-Day Vulnerability?

A software vulnerability that has been discovered but not yet publicly disclosed or patched by the vendor, leaving affected systems with no available fix at the time it is known or exploited. Zero-day vulnerabilities are extremely valuable in offensive operations because defenders have no warning and traditional signature-based defenses cannot detect their exploitation. Researchers who discover zero-days may responsibly disclose them to vendors under coordinated disclosure programs, or sell them to government agencies and exploit brokers.

A public catalog of disclosed security vulnerabilities, each assigned a unique identifier in the format CVE-YEAR-NUMBER (e.g., CVE-2021-44228 for Log4Shell).

Exploit →

A piece of software, command sequence, or technique that leverages a known vulnerability to cause unintended or unauthorized behavior in a target system.

Bug Bounty →

A crowdsourced security program that offers financial rewards to independent security researchers who responsibly disclose vulnerabilities in a product or service.

Penetration Testing →

A structured, authorized simulation of a real-world cyberattack against a system, network, or application with the goal of identifying exploitable vulnerabilities before malicious actors do.

Put this into practice

AI penetration testing for web applications →

See how Penetrify's autonomous AI agents find and validate this class of security issue in your application.

What is Zero-Day Vulnerability?

Related terms