Vulnerability scanner - no official fix

German DiCasas

unread,

Dec 17, 2025, 4:14:15 PM (3 days ago) Dec 17

to Wazuh | Mailing List

Hi team,

I have the wazuh 4.14 and I can see all the vulnerabilities over my linux sistems. But I can see that sometimes the vulnerability is show but there are no fix to fix that .

There are any way to see the vulnerabilities list but with another column with that situation ? I mean, if the vulnerability have or not a fix?

Regards

German

Alcides Moreno

unread,

Dec 17, 2025, 10:46:05 PM (2 days ago) Dec 17

to Wazuh | Mailing List

It is normal to see vulnerabilities listed without an available fix.

This happens because Wazuh synchronizes its database directly with the operating system vendors' security feeds. Sometimes vendors identify a security issue but have not yet released a patch for it, or they may still be working on the update.

The system shows you these alerts to ensure you have visibility into your risk profile, even if there isn't an immediate technical action you can take to resolve it via an update.

Whenever the vulnerability gets fixed, it will disappear from your Inventory.

Best regards,

Alcides.

German DiCasas

unread,

Dec 18, 2025, 8:45:14 AM (2 days ago) Dec 18

to Wazuh | Mailing List

Yes, that is correct but what about to have another variable to check if exist or not the vendor fix? Its posible?

I mean, Wazuh can identify if the vendedor fix exist or not? If so, what variable is?

Regards

German

Alcides Moreno

unread,

Dec 19, 2025, 12:51:04 AM (yesterday) Dec 19

to Wazuh | Mailing List

Hello German,

You can open Vulnerability Detection -> Inventory -> Available Fields and toggle the field named vulnerability.under_evaluation, which indicates true when there is no fix, and indicates false when there is a fix.