On the Controls > OS Updates page, the “Current versions” table is built from the /api/latest/fleet/os_versions endpoint with a hardcoded per_page=8. The UI renders no pagination controls, so only the first 8 results (ordered by hosts_count descending) are ever displayed. On fleets with more than 8 distinct OS version strings, any OS versions beyond the first page are silently omitted, with no indication to the user that results have been truncated.
{
"meta": {
"has_next_results": true,
"has_previous_results": false
},
"count": 39,
"counts_updated_at": "2026-05-28T09:24:12Z",
"os_versions": [
{
"os_version_id": 88,
"hosts_count": 13,
"name": "macOS 26.5",
"name_only": "macOS",
"version": "26.5",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:26.5:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:26.5:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 69,
"hosts_count": 13,
"name": "macOS 26.4.1",
"name_only": "macOS",
"version": "26.4.1",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:26.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:26.4.1:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 78
},
{
"os_version_id": 81,
"hosts_count": 13,
"name": "iOS 26.0.1",
"name_only": "iOS",
"version": "26.0.1",
"platform": "ios",
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 80,
"hosts_count": 12,
"name": "iOS 26.2",
"name_only": "iOS",
"version": "26.2",
"platform": "ios",
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 2,
"hosts_count": 10,
"name": "macOS 15.5",
"name_only": "macOS",
"version": "15.5",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:15.5:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:15.5:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 452
},
{
"os_version_id": 5,
"hosts_count": 8,
"name": "macOS 15.6.1",
"name_only": "macOS",
"version": "15.6.1",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:15.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:15.6.1:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 364
},
{
"os_version_id": 90,
"hosts_count": 6,
"name": "Microsoft Windows 11 Famille 25H2 10.0.26200.8457",
"name_only": "Microsoft Windows 11 Famille 25H2",
"version": "10.0.26200.8457",
"platform": "windows",
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 47,
"hosts_count": 6,
"name": "Ubuntu 24.04.4 LTS",
"name_only": "Ubuntu",
"version": "24.04.4 LTS",
"platform": "ubuntu",
"vulnerabilities": [],
"vulnerabilities_count": 0
}
]
}
A fleet with more than 8 distinct OS versions had Windows Pro versions that were not visible in the table. They existed in the API response on page 1+ but were never surfaced in the UI.
{
"meta": {
"has_next_results": true,
"has_previous_results": false
},
"count": 39,
"counts_updated_at": "2026-05-28T09:24:12Z",
"os_versions": [
{
"os_version_id": 88,
"hosts_count": 13,
"name": "macOS 26.5",
"name_only": "macOS",
"version": "26.5",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:26.5:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:26.5:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 69,
"hosts_count": 13,
"name": "macOS 26.4.1",
"name_only": "macOS",
"version": "26.4.1",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:26.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:26.4.1:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 78
},
{
"os_version_id": 81,
"hosts_count": 13,
"name": "iOS 26.0.1",
"name_only": "iOS",
"version": "26.0.1",
"platform": "ios",
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 80,
"hosts_count": 12,
"name": "iOS 26.2",
"name_only": "iOS",
"version": "26.2",
"platform": "ios",
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 2,
"hosts_count": 10,
"name": "macOS 15.5",
"name_only": "macOS",
"version": "15.5",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:15.5:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:15.5:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 452
},
{
"os_version_id": 5,
"hosts_count": 8,
"name": "macOS 15.6.1",
"name_only": "macOS",
"version": "15.6.1",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:15.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:15.6.1:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 364
},
{
"os_version_id": 90,
"hosts_count": 6,
"name": "Microsoft Windows 11 Famille 25H2 10.0.26200.8457",
"name_only": "Microsoft Windows 11 Famille 25H2",
"version": "10.0.26200.8457",
"platform": "windows",
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 47,
"hosts_count": 6,
"name": "Ubuntu 24.04.4 LTS",
"name_only": "Ubuntu",
"version": "24.04.4 LTS",
"platform": "ubuntu",
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 46,
"hosts_count": 5,
"name": "macOS 26.4",
"name_only": "macOS",
"version": "26.4",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:26.4:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:26.4:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 78
},
{
"os_version_id": 91,
"hosts_count": 5,
"name": "Microsoft Windows 11 Professionnel 25H2 10.0.26200.8457",
"name_only": "Microsoft Windows 11 Professionnel 25H2",
"version": "10.0.26200.8457",
"platform": "windows",
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 29,
"hosts_count": 4,
"name": "macOS 26.3",
"name_only": "macOS",
"version": "26.3",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:26.3:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:26.3:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 151
},
{
"os_version_id": 15,
"hosts_count": 4,
"name": "macOS 26.2",
"name_only": "macOS",
"version": "26.2",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:26.2:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:26.2:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 214
},
{
"os_version_id": 17,
"hosts_count": 4,
"name": "macOS 15.7.3",
"name_only": "macOS",
"version": "15.7.3",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:15.7.3:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:15.7.3:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 246
},
{
"os_version_id": 1,
"hosts_count": 3,
"name": "Ubuntu 24.04.3 LTS",
"name_only": "Ubuntu",
"version": "24.04.3 LTS",
"platform": "ubuntu",
"vulnerabilities": [],
"vulnerabilities_count": 2822
},
{
"os_version_id": 92,
"hosts_count": 3,
"name": "Microsoft Windows 11 Pro 25H2 10.0.26200.8457",
"name_only": "Microsoft Windows 11 Pro 25H2",
"version": "10.0.26200.8457",
"platform": "windows",
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 95,
"hosts_count": 3,
"name": "iOS 26.5",
"name_only": "iOS",
"version": "26.5",
"platform": "ios",
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 71,
"hosts_count": 3,
"name": "Microsoft Windows 11 Famille 25H2 10.0.26200.8246",
"name_only": "Microsoft Windows 11 Famille 25H2",
"version": "10.0.26200.8246",
"platform": "windows",
"vulnerabilities": [],
"vulnerabilities_count": 60
},
{
"os_version_id": 20,
"hosts_count": 3,
"name": "macOS 15.6",
"name_only": "macOS",
"version": "15.6",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:15.6:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:15.6:*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 365
},
{
"os_version_id": 23,
"hosts_count": 2,
"name": "Ubuntu 22.04.5 LTS",
"name_only": "Ubuntu",
"version": "22.04.5 LTS",
"platform": "ubuntu",
"vulnerabilities": [],
"vulnerabilities_count": 0
},
{
"os_version_id": 58,
"hosts_count": 2,
"name": "macOS 26.3.1 (a)",
"name_only": "macOS",
"version": "26.3.1 (a)",
"platform": "darwin",
"generated_cpes": [
"cpe:2.3:o:apple:macos:26.3.1 (a):*:*:*:*:*:*:*",
"cpe:2.3:o:apple:mac_os_x:26.3.1 (a):*:*:*:*:*:*:*"
],
"vulnerabilities": [],
"vulnerabilities_count": 150
}
]
}
Fleet versions
💥 Actual behavior
On the Controls > OS Updates page, the “Current versions” table is built from the
/api/latest/fleet/os_versionsendpoint with a hardcodedper_page=8. The UI renders no pagination controls, so only the first 8 results (ordered byhosts_countdescending) are ever displayed. On fleets with more than 8 distinct OS version strings, any OS versions beyond the first page are silently omitted, with no indication to the user that results have been truncated.Results:
A fleet with more than 8 distinct OS versions had Windows Pro versions that were not visible in the table. They existed in the API response on page 1+ but were never surfaced in the UI.
Adjusting the request in browser dev tools to:
Results:
🛠️ To fix
TODO
🧑💻 Steps to reproduce
These steps:
per_pagevalue:/api/latest/fleet/os_versions?fleet_id={id}&order_key=hosts_count&order_direction=desc&page=0&per_page=20&max_vulnerabilities=0🕯️ More info (optional)
ubuntu,debian) from the rendered table, so the effective visible limit is even lower than 8 for mixed-platform fleets. Which would explain the json results vs. the table screenshot.