CVE mismatch between Debian security tracker and Wazuh CTI

45 views
Skip to first unread message

Nahid Hasan

unread,
Jul 8, 2026, 2:10:13 AM (11 days ago) Jul 8
to Wazuh | Mailing List
Hello there,

I am running Wazuh agent v4.13 on one of my Debian 13 machines, where the package libsnd version 1.2.2-2+deb13u1 is installed.

I recently found that CVE-2026-37555 is reported for this package on the Debian security site. I have attached a screenshot from the Debian site for reference.

However, when I checked the same host in Wazuh CTI, it shows the package as unaffected. I have also attached a second screenshot showing the Wazuh result.

Could you please clarify whether this is expected behavior? Is this CVE mapped differently in Wazuh, or could there be a mismatch in the vulnerability feed or package version detection?

Thank you for your help.

Regards,
Nahid Hasan

debian.png
wazuh.png

Stuti Gupta

unread,
Jul 8, 2026, 2:35:59 AM (11 days ago) Jul 8
to Wazuh | Mailing List
I'm looking into this. Please allow me some time.

Stuti Gupta

unread,
Jul 8, 2026, 3:48:26 AM (11 days ago) Jul 8
to Wazuh | Mailing List
Hi Nahid, 
You are right. 

I have opened an issue here for the same: https://github.com/wazuh/wazuh/issues/37510

Please track that for updates. 

Thank you!

Nahid Hasan

unread,
Jul 8, 2026, 4:49:14 AM (11 days ago) Jul 8
to Wazuh | Mailing List
Hello Stuti,

Thank you so much for looking into it.

Regards.
Reply all
Reply to author
Forward
0 new messages