GSA returns 404 for /nvt/CVE-xxxx routes

[plt-prx]

GSA returns 404 for /nvt/CVE-xxxx routes - breaks override workflow from vulnerability reports

Environment

• GSAD: 24.12.1
• GSA: 26.7.0
• gvmd: 26.0.0
• Installation: Built from source (Community Edition)

Issue

When clicking on CVE identifiers in vulnerability scan reports (Scans → [Task] → Vulnerabilities), GSA generates URLs like /nvt/CVE-2016-1908. GSAD returns a 404 error with message "The NVT you were looking for could not be found."

Expected behavior

GSAD should resolve CVE IDs to NVT OIDs and either:

1. Redirect to /nvt/[OID], or
2. Display the NVT details directly

Actual behavior

GSAD has no route handler for /nvt/CVE-xxxx and returns 404.

Why this matters

The /nvt/ route is required to create overrides. The /cve/CVE-xxxx route exists and works, but doesn't allow override creation. Users must manually query the database to find the NVT OID:

psql gvmd -c "SELECT vt_oid FROM vt_refs WHERE ref_id='CVE-2016-1908' LIMIT 1;"

Then manually construct the correct URL: /nvt/1.3.6.1.4.1.25623.1.0.xxxxxx

Reproduction steps

1. Run any vulnerability scan
2. Go to scan results → Vulnerabilities tab
3. Click any CVE identifier
4. Observe 404 error

Proposed solution

Add route handler in GSA to accept /nvt/CVE-xxxx, query gvmd for associated NVT OID(s), and redirect or display accordingly.