Wazuh Vulnerability Detector Patch: New Wait Mechanism Prevents Inconsistent Feed Scans
A timing flaw in Wazuh's Vulnerability Detector (VD) has been patched, closing a window in which security scans could run against incomplete or inconsistent data. The core issue was that the automated VD feed update scan could trigger while agent sessions were still processing data, such as package indexing or synchronization. This race condition meant a scan might evaluate a half-updated inventory, missing vulnerabilities or generating false positives and undermining the reliability of the resulting assessment.
The fix introduces a retry-based waiting mechanism to enforce a consistent execution context. Before initiating a feed update scan, the system now performs a pre-check for active sessions. If any are detected, it enters a waiting loop, re-checking every second for a maximum of 60 seconds. The scan is delayed until either all active sessions finish or the timeout is reached, after which it proceeds regardless so that a stalled session cannot block scanning indefinitely. Note that this is a bounded wait rather than a lock: a scan that hits the 60-second timeout still runs against whatever state the remaining sessions have left, and nothing in the described mechanism prevents a new session from starting once the pre-check has passed. The change removes the common case of overlap, which is the source of the inconsistency, but operators should treat the timeout path as a degraded run worth logging.
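The gate described above, written out as an added example in C++ (Wazuh's module language). This is illustrative code, not Wazuh's own implementation: the session counter, the `SessionGuard` RAII helper and the `waitForSessionsToFinish` function are hypothetical names, and the poll and pause callbacks are injected so the loop can be exercised without sleeping for real. The result reports whether the scan was cleared by an idle state or forced by the timeout, which is the distinction a caller should log.

```cpp
// Added example (not Wazuh's code): a bounded, retry-based "wait for idle
// sessions" gate placed in front of a feed update scan.
#include <atomic>
#include <chrono>
#include <cstdio>
#include <functional>
#include <thread>

// Outcome of the pre-scan wait, so the caller can tell a clean start from a
// timeout-forced start and log the latter as a degraded run.
struct WaitResult {
    bool sessionsIdle;  // true: no active session when the wait ended
    int  retries;       // number of pauses spent before the scan was cleared
};

// Poll `hasActiveSessions`; if it reports activity, call `pause` and retry,
// up to `maxRetries` times. Returns immediately when the pre-check is idle.
// After `maxRetries` pauses the caller proceeds regardless (timeout fallback).
WaitResult waitForSessionsToFinish(const std::function<bool()>& hasActiveSessions,
                                   const std::function<void()>& pause,
                                   int maxRetries = 60)
{
    int retries = 0;
    while (hasActiveSessions()) {
        if (retries >= maxRetries) {
            // Timed out: the scan will run on a possibly inconsistent state.
            return {false, retries};
        }
        pause();
        ++retries;
    }
    return {true, retries};
}

// Hypothetical session registry: each agent session holds a count while it
// indexes or synchronizes packages. Sessions that do not register are
// invisible to the gate, which is the limit of this approach.
std::atomic<int> g_activeSessions{0};

struct SessionGuard {
    SessionGuard()  { ++g_activeSessions; }
    ~SessionGuard() { --g_activeSessions; }
};

// Production-shaped wrapper: real one-second pauses, 60 retries, as described.
WaitResult waitForIdleSessionsRealTime()
{
    return waitForSessionsToFinish(
        [] { return g_activeSessions.load() > 0; },
        [] { std::this_thread::sleep_for(std::chrono::seconds(1)); },
        60);
}

// Deterministic helper for tests and demos: the session reports busy for
// `busyPolls` consecutive polls, and pauses cost nothing.
WaitResult simulateWait(int busyPolls, int maxRetries)
{
    int remaining = busyPolls;
    return waitForSessionsToFinish(
        [&remaining] { return remaining-- > 0; },
        [] {},
        maxRetries);
}

int main()
{
    // Constructed scenario: one agent session that finishes after two seconds.
    std::thread session([] {
        SessionGuard guard;
        std::this_thread::sleep_for(std::chrono::seconds(2));
    });
    std::this_thread::sleep_for(std::chrono::milliseconds(100));  // let it register

    WaitResult r = waitForIdleSessionsRealTime();
    std::printf("scan cleared: %s after %d retries\n",
                r.sessionsIdle ? "idle" : "TIMEOUT (degraded run)", r.retries);
    session.join();

    WaitResult stuck = simulateWait(1000, 60);
    std::printf("stalled session: idle=%d retries=%d\n", stuck.sessionsIdle, stuck.retries);
    return 0;
}
```

`simulateWait` is the piece worth copying into a unit test: it pins down that an idle pre-check costs zero retries, a session that clears after N polls costs exactly N, and a stalled session is given up on after the configured maximum with `sessionsIdle == false`.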
This patch is a backend stability improvement for Wazuh deployments, particularly in dynamic environments with continuous agent reporting. By ensuring scans normally run against a settled data state, it improves the accuracy and trustworthiness of vulnerability reports. The implementation trades a bounded delay for data integrity, preventing the scan from being blocked indefinitely by a stalled session while reducing the likelihood of flawed security intelligence.