Hello support team,
We are using Dependency Check to scan vulnerable dependencies in our Java components.
We noticed an inconsistency in scan results:
We also checked suppressed vulnerabilities but could not find CVE-2026-40973 anywhere
However, this CVE-2026-40973 is reported when using Sonatype scan
Could you help to guide how to investigate to find out the root cause why CVE-2026-40973 is not reported with Dependency Check tool?
Hello support team,
We are using Dependency Check to scan vulnerable dependencies in our Java components.
We noticed an inconsistency in scan results:
We also checked suppressed vulnerabilities but could not find CVE-2026-40973 anywhere
However, this CVE-2026-40973 is reported when using Sonatype scan
Could you help to guide how to investigate to find out the root cause why CVE-2026-40973 is not reported with Dependency Check tool?