Anyone can request a CVE, this is sadly the most likely path towards getting it fixed.