Fluid Attacks incident
Vulnerabilities CSV file export not working
Fluid Attacks experienced a notice incident on April 30, 2025 affecting Platform, lasting 11h 49m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- identified Apr 30, 2025, 07:16 PM UTC
Users are currently unable to export the Vulnerabilities CSV file.
- resolved May 02, 2025, 11:48 AM UTC
The incident has been resolved, and it is now possible to successfully download the Vulnerabilities CSV file.
- postmortem May 05, 2025, 01:44 PM UTC
**Impact** At least two organizations experienced issues when generating the Vulnerabilities CSV report. The issue started on UTC-5 25-04-29 15:27 and was reactively discovered 19.9 hours (TTD) later by a client who reported to one of our engagement managers [\[1\]](https://help.fluidattacks.com/agent/fluid4ttacks/fluid-attacks/tickets/details/944043000034368058) that the report could not be generated, as the modal remained blocked after requesting the verification code. The problem was resolved in 10.5 hours (TTF), resulting in a total window of exposure of 1.2 days (WOE).

**Cause** A telemetry mechanism was introduced to determine the group associated with each API request. However, with the adoption of MCP, this flow began to be used for cases where organization-level information was needed. Since the mechanism attempted to retrieve group-related data even in organization-level requests, such as generating the analytics CSV report, an error occurred because no group could be linked to the organization context [\[2\]](https://gitlab.com/fluidattacks/universe/-/merge_requests/76648).

**Solution** The telemetry retrieval of group name and role variables was removed. Not attempting to gather this information also improved performance during these requests [\[3\]](https://gitlab.com/fluidattacks/universe/-/merge_requests/76780).

**Conclusion** The adjustments ensure that organization-level requests are handled correctly, preventing similar issues in the future and allowing users to generate reports without interruption.

**INCOMPLETE\_PERSPECTIVE**