Impact
At least two organizations experienced issues when generating the Vulnerabilities CSV report. The issue started on UTC-5 25-04-29 15:27 and was reactively discovered 19.9 hours (TTD) later by a client who reported to one of our engagement managers [1] that the report could not be generated, as the modal remained blocked after requesting the verification code. The problem was resolved in 10.5 hours (TTF), resulting in a total window of exposure of 1.2 days (WOE).
Cause
A telemetry mechanism was introduced to determine the group associated with each API request. However, with the adoption of MCP, this flow began to be used for cases where organization-level information was needed. Since the mechanism attempted to retrieve group-related data even in organization-level requests, such as generating the analytics CSV report, an error occurred because no group could be linked to the organization context [2].
Solution
The telemetry retrieval of group name and role variables was removed. Not attempting to gather this information also improved performance during these requests [3].
Conclusion
The adjustments ensure that organization-level requests are handled correctly, preventing similar issues in the future and allowing users to generate reports without interruption. INCOMPLETE_PERSPECTIVE