CTI not up to date for CVE-2026-33210


app...@proton.me

May 11, 2026, 7:14:34 AM
to Wazuh | Mailing List
Hello everyone,

In CTI.wazuh.com, CVE-2026-33210 is marked as affected for RH 8-10:

Shown here for RH 9:


But Red Hat isn't affected, as shown here:


How to fix this false positive?

With best regards

Isaiah Daboh

May 11, 2026, 11:29:20 AM
to Wazuh | Mailing List
Hello,

Please note that I am taking a look at this. I will revert as soon as possible.


Regards,

Isaiah Daboh

May 12, 2026, 9:23:00 AM
to Wazuh | Mailing List
Hello,

There is a known issue with this CVE that has to do with libraries for Ruby. This CVE will be sanitized manually and I will provide you with an update once the link to the issue is created and the issue is fixed.

In the meantime, you can suppress the alert from this CVE by following the steps below:

- Determine the rule.id of the VD alerts.
- Add a custom rule in /var/ossec/etc/rules/local_rules.xml
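<group name="vulnerability_scan_exclusion">
  <!-- Level 0 silences the alert; 23505 is the parent Vulnerability Detection rule to match. -->
  <rule id="100400" level="0">
    <if_sid>23505</if_sid>
    <!-- Rules reference the decoded field name, without the data. prefix that alerts show. -->
    <field name="vulnerability.cve">CVE-2026-33210</field>
    <description>Suppress known false positive</description>
  </rule>
</group>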

Note: This only suppresses the alert; the vulnerability will still show up in the Vulnerability Detection inventory dashboard because that's populated directly from the indexer state, not from rule output.

Regards,
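
An added example, not part of the original thread or of Wazuh's own tooling: a small Python audit that lists which CVEs a rules file suppresses and flags suppression rules that will not behave as intended, so entries like the one above can be reviewed and removed once the CTI data is corrected. The sample rules are constructed; the script assumes the file parses as XML, that custom rule IDs belong in the 100000-120000 range, and that rules reference the field as vulnerability.cve.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: one suppression for the CVE in this thread and one
# deliberately flawed rule (placeholder CVE id) that the audit should flag.
SAMPLE_RULES = """
<group name="vulnerability_scan_exclusion">
  <rule id="100400" level="0">
    <if_sid>23505</if_sid>
    <field name="vulnerability.cve">CVE-2026-33210</field>
    <description>Suppress known false positive</description>
  </rule>
  <rule id="100401" level="3">
    <field name="data.vulnerability.cve">CVE-0000-00000</field>
    <description>Constructed flawed rule</description>
  </rule>
</group>
"""

def audit_suppressions(rules_xml):
    """Return ({cve: [rule ids]}, [(rule id, problem)]) for CVE-matching rules."""
    # A rules file can hold several top-level <group> elements, so wrap them.
    root = ET.fromstring("<root>" + rules_xml + "</root>")
    suppressed, problems = {}, []
    for rule in root.iter("rule"):
        rid = rule.get("id", "")
        fields = [f for f in rule.findall("field")
                  if f.get("name", "").endswith("vulnerability.cve")]
        if not fields:
            continue  # not a CVE-specific rule
        issues = []
        if any(f.get("name").startswith("data.") for f in fields):
            issues.append("field name carries the alert-side data. prefix")
        if rule.get("level") != "0":
            issues.append("level is not 0, so the alert is not silenced")
        if rule.find("if_sid") is None:
            issues.append("no if_sid parent rule")
        if not (rid.isdigit() and 100000 <= int(rid) <= 120000):
            issues.append("id outside the custom range 100000-120000")
        problems.extend((rid, msg) for msg in issues)
        if not issues:
            for f in fields:
                suppressed.setdefault((f.text or "").strip(), []).append(rid)
    return suppressed, problems

if __name__ == "__main__":
    active, flagged = audit_suppressions(SAMPLE_RULES)
    print("suppressed:", active)
    for rid, msg in flagged:
        print("rule", rid, "-", msg)
```
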
