## Wazuh Vulnerability Scanner Logs Show Mismatch in Detected Vulnerabilities After Feed Update
A performance test of the Wazuh vulnerability scanner has uncovered a discrepancy where system logs report a different number of detected vulnerabilities than the actual database count. This anomaly, identified during a feed update re-scan, points to a potential flaw in the tool's reporting mechanism, which could mislead security teams about their true exposure.

The test, documented in GitHub issue #34150, revealed that after an update by offset, the log messages did not reflect the correct total. While the Elasticsearch index `wazuh-states-vulnerabilities` showed 153,130 documents, the manager logs for two agents reported finding only 708 total vulnerabilities. Specifically, the logs stated scans completed for agents '001' and '002', each finding 233 vulnerable packages but only 708 total vulnerabilities, a figure that appears inconsistent with the database's scale.

This logging error creates a critical visibility gap. Security operations rely on accurate vulnerability counts to prioritize remediation. A mismatch between the scanner's output and the backend data store risks underreporting threats, leaving systems potentially unpatched. The issue affects the core integrity of the Wazuh platform's security reporting, demanding immediate scrutiny to ensure its vulnerability intelligence feed and logging pipeline are synchronized.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: vulnerability_management, security_software, logging_error, open_source_security
- **Credibility**: unverified
- **Published**: 2026-04-17 20:22:50
- **ID**: 70007
- **URL**: https://whisperx.ai/en/intel/70007