diff --git a/server/vulnerabilities/nvd/sync/cve_syncer.go b/server/vulnerabilities/nvd/sync/cve_syncer.go
index bad1289a36..c1100fb28b 100644
--- a/server/vulnerabilities/nvd/sync/cve_syncer.go
+++ b/server/vulnerabilities/nvd/sync/cve_syncer.go
@@ -781,15 +781,31 @@ func convertAPI20CVEToLegacy(cve nvdapi.CVE, logger log.Logger) *schema.NVDCVEFe
 descriptions := make([]*schema.CVEJSON40LangString, 0, len(cve.Descriptions))
 for _, description := range cve.Descriptions {
 // Keep only english descriptions to match the legacy.
- if description.Lang != "en" {
+ var lang string
+ switch {
+ case description.Lang == "en":
+ lang = description.Lang
+ case description.Lang == "en-US":
+ // This occurred starting with Microsoft CVE-2024-38200
+ lang = "en"
+ default:
+ // Non-english descriptions are ignored.
 continue
 }
 descriptions = append(descriptions, &schema.CVEJSON40LangString{
- Lang: description.Lang,
+ Lang: lang,
 Value: description.Value,
 })
 }
 
+ if len(descriptions) == 0 {
+ // Populate a blank description to prevent Fleet cron job from crashing: https://github.com/fleetdm/fleet/issues/21239
+ descriptions = append(descriptions, &schema.CVEJSON40LangString{
+ Lang: "en",
+ Value: "",
+ })
+ }
+
 problemtypeData := make([]*schema.CVEJSON40ProblemtypeProblemtypeData, 0, len(cve.Weaknesses))
 if len(cve.Weaknesses) == 0 {
 problemtypeData = append(problemtypeData, &schema.CVEJSON40ProblemtypeProblemtypeData{
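Review bot: The blank-description fallback under `if len(descriptions) == 0` is silent, so a CVE whose descriptions all carry a tag the switch does not match exactly (it accepts only `en` and `en-US`, not `en-us` or `en-GB`) lands in the legacy feed with an empty description and nothing tells an operator that the vulnerability data was degraded. The function already receives `logger`, so I would log a warning in that branch naming the CVE and the language tags that were skipped; the exact call depends on the logger type, which is declared outside the hunk. The match could also be made tolerant of other English variants, e.g. `if l := strings.ToLower(description.Lang); l != "en" && !strings.HasPrefix(l, "en-") { continue }` with `Lang: "en"` in the append, assuming `strings` is imported in this file. convertAPI20CVEToLegacy starts and ends outside the hunk.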