---
title: Allowed values for vulnerability.status
description: The lifecycle state of a vulnerability finding on an asset. Use this field to distinguish between vulnerabilities that are currently present and those...
url: https://docs-v3-preview.elastic.dev/elastic/ecs/tree/main/reference/ecs-allowed-values-vulnerability-status
products:
  - Elastic Common Schema (ECS)
applies_to:
  - Elastic Cloud Serverless: Generally available
  - Elastic Stack: Generally available
---

# Allowed values for vulnerability.status
The lifecycle state of a vulnerability finding on an asset. Use this field to distinguish between vulnerabilities that are currently present and those that have been remediated.
Integrations that consume incremental or delta APIs should map their vendor-specific status values to one of the allowed values below. Integrations that consume full-snapshot APIs (where every record represents a currently open vulnerability) should set this field to `open`. Full-snapshot sources never produce `fixed` records.
**Allowed values**
- [open](#ecs-vulnerability-status-open)
- [fixed](#ecs-vulnerability-status-fixed)
- [reopened](#ecs-vulnerability-status-reopened)
- [unknown](#ecs-vulnerability-status-unknown)


## open

Vulnerability is currently present on the asset.

## fixed

Vulnerability has been remediated and is no longer present on the asset.

## reopened

Vulnerability reappeared on the asset after previously being fixed. From a filtering perspective this is treated the same as `open`, but it signals a regression that matters for SLA tracking.

## unknown

The lifecycle state of the vulnerability cannot be determined. This is the appropriate value for full-snapshot integrations that do not provide lifecycle data, or when the source data does not include status information.