In our IOP-enabled Red Hat Satellite 6.18.2 environment, one of the registered hosts is not displaying any reported vulnerabilities in the Satellite UI.

However, the host currently has 200+ installable errata available, indicating that vulnerabilities should be present.

This issue has been observed in two separate Satellite environments following sequential upgrades.

Environment:

• Red Hat Satellite 6.18.2 (IOP-enabled)
• Upgrade path: 6.16 (RHEL 8) → 6.16 (RHEL 9) → 6.17 → 6.18
• host_registration_insights: true

Observed Behavior:

• Host shows 200+ installable errata.

• No vulnerabilities are displayed under the Vulnerabilities section.

• Insights data appears not to reflect the expected CVE mapping.

Expected Behavior:
The host should display associated vulnerabilities based on the available errata and CVE mappings

Testing steps

• Sync 20+ repositories
• Have a host with more than a page worth of repositories
• Pick a specific repo on page 2+, and installable errata within that repo, and look at its CVEs
• Make sure that particular CVE is listed for your host