diff --git a/changes/21242-nvd-input-validation b/changes/21242-nvd-input-validation
new file mode 100644
index 0000000000..cab3a2e77d
--- /dev/null
+++ b/changes/21242-nvd-input-validation
@@ -0,0 +1 @@
+Continue with an empty CVE description when the NVD CVE feed doesn't include description entries (instead of panicking)
diff --git a/server/vulnerabilities/nvd/sync.go b/server/vulnerabilities/nvd/sync.go
index c2e52cc40a..65174e721b 100644
--- a/server/vulnerabilities/nvd/sync.go
+++ b/server/vulnerabilities/nvd/sync.go
@@ -216,9 +216,10 @@ func LoadCVEMeta(ctx context.Context, logger log.Logger, vulnPath string, ds fle
 }
 schema := vuln.Schema()
- meta := fleet.CVEMeta{
- CVE: cve,
- Description: schema.CVE.Description.DescriptionData[0].Value,
+ meta := fleet.CVEMeta{CVE: cve}
+
+ if len(schema.CVE.Description.DescriptionData) > 0 {
+ meta.Description = schema.CVE.Description.DescriptionData[0].Value
 }
 if schema.Impact.BaseMetricV3 != nil {
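Review bot: The new guard in LoadCVEMeta only covers an empty `DescriptionData` slice; if `schema.CVE` or `schema.CVE.Description` are pointer types (their declarations are not visible in this hunk), a feed entry that omits those objects would still panic on the same expression, and the same applies to `schema.Impact` on the last context line. If they are pointers, consider `if d := schema.CVE.Description; d != nil && len(d.DescriptionData) > 0 {` together with a matching nil check on `schema.CVE`. Because an NVD entry without a description is unexpected feed data, it would also help to log the CVE id through the `logger` parameter when the fallback is taken, so a truncated or malformed feed is noticed instead of being stored silently with blank descriptions. The function body starts and ends outside the hunk.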