> ## Documentation Index
> Fetch the complete documentation index at: https://docs.root.io/llms.txt
> Use this file to discover all available pages before exploring further.

# CVE Details

> Deep-dive into any CVE to see affected assets, patch status, and Root's remediation timeline.

The CVE Details page gives you a comprehensive view of any vulnerability - severity, affected assets, patch status, and the full remediation timeline. Access it by clicking any CVE ID throughout the platform.

<Frame caption="CVE Details for CVE-2026-33870 — metadata, affected assets (list or graph view), and action buttons to view the patch or open the Agentic Factory.">
  <img src="https://mintcdn.com/root-939307ed/cCjlTIX-fOzNh_rn/images/cve-details-overview.png?fit=max&auto=format&n=cCjlTIX-fOzNh_rn&q=85&s=e0938924f1891b298d75247b5ea52b74" width="1744" height="1358" data-path="images/cve-details-overview.png" />
</Frame>

## CVE metadata

The top of the page shows:

| Field               | Description                         |
| ------------------- | ----------------------------------- |
| **CVE ID**          | e.g., CVE-2024-45492                |
| **Severity**        | Critical, High, Medium, or Low      |
| **CVSS Score**      | Numeric score and vector string     |
| **Description**     | Summary of the vulnerability        |
| **Published date**  | When the CVE was publicly disclosed |
| **Discovered date** | When Root first detected it         |

## Patch status and actions

If Root has generated a patch, two action buttons appear:

* **Show Patch** - view the actual code diff
* **Show in Agentic Factory** - open the animated [Agentic Patching](/platform/agentic-patching) flow

<Note>
  These buttons appear only for CVEs with Root-generated patch artifacts. CVEs resolved by upstream fixes show resolution status without patch artifacts.
</Note>

## Remediation statuses

| Status                 | Meaning                                                              |
| ---------------------- | -------------------------------------------------------------------- |
| **Fixed**              | Root has resolved this CVE. A patched package or image is available. |
| **Working on a Patch** | Root's agents are actively generating a fix.                         |
| **No Fix Available**   | No applicable fix exists. Root continues monitoring.                 |

## SLA tracking

| SLA Status           | Meaning                          |
| -------------------- | -------------------------------- |
| **Met**              | Resolved within the SLA window   |
| **X days remaining** | Actively being worked within SLA |
| **X days past SLA**  | Overdue, Root is prioritizing    |
| **Pending SLA**      | SLA assignment in progress       |

## Affected assets

### List view

A table listing each affected package, its ecosystem, which subscribed images contain it, and the fix status.

### Graph view

Toggle to graph view for a visual map:

* **CVE node** at the center
* **Package nodes** showing which packages contain the vulnerability
* **Image nodes** showing which subscribed images include those packages

The graph is interactive - click nodes for details, zoom and pan for complex dependency trees.

<Tip>
  The graph view is most useful for CVEs with broad impact across multiple packages and images. For a CVE in a single package, the list view is more practical.
</Tip>

## How to get here

CVE IDs are clickable throughout the platform:

| From                  | How                                            |
| --------------------- | ---------------------------------------------- |
| **Security Findings** | Click any CVE ID                               |
| **Image Report**      | Click a CVE in any tab                         |
| **Library Report**    | Click a CVE in the vulnerability table         |
| **My Library**        | Navigate to a package report, then click a CVE |
| **Direct URL**        | `app.root.io/vulnerabilities/CVE-YYYY-NNNNN`   |

## Public vs. logged-in views

* **Public visitors** see CVE metadata, general affected packages, and Root's remediation status.
* **Logged-in users** additionally see organization-specific affected assets, SLA status, patch artifacts, and the Agentic Factory visualization.