diff --git a/server/vulnerabilities/nvd/cpe_matching_rules.go b/server/vulnerabilities/nvd/cpe_matching_rules.go
index b1eaa68813..e1776c2991 100644
--- a/server/vulnerabilities/nvd/cpe_matching_rules.go
+++ b/server/vulnerabilities/nvd/cpe_matching_rules.go
@@ -209,6 +209,25 @@ func GetKnownNVDBugRules() (CPEMatchingRules, error) {
 return cpeMeta.Product == "visual_studio_code" && cpeMeta.TargetSW == wfn.Any
 },
 },
+ // CVE-2023-48795 in NVD incorrectly mentions PowerShell as vulnerable when the issue is actually with OpenSSH,
+ // which is packaged separately. It also includes a bogus resolved-in version number. See #26073.
+ CPEMatchingRule{
+ CVEs: map[string]struct{}{
+ "CVE-2023-48795": {},
+ },
+ IgnoreIf: func(cpeMeta *wfn.Attributes) bool {
+ return cpeMeta.Vendor == "microsoft" && cpeMeta.Product == "powershell"
+ },
+ },
+ // CVE-2025-21171 only affects RC versions of PowerShell, see https://github.com/PowerShell/Announcements/issues/72
+ CPEMatchingRule{
+ CVEs: map[string]struct{}{
+ "CVE-2025-21171": {},
+ },
+ IgnoreIf: func(cpeMeta *wfn.Attributes) bool {
+ return cpeMeta.Vendor == "microsoft" && cpeMeta.Product == "powershell" && cpeMeta.Update == ""
+ },
+ },
 // Old macos CPEs without version constraints that should be ignored
 CPEMatchingRule{
 CVEs: map[string]struct{}{
diff --git a/server/vulnerabilities/nvd/cve_test.go b/server/vulnerabilities/nvd/cve_test.go
index 51da562008..811bcc6fb6 100644
--- a/server/vulnerabilities/nvd/cve_test.go
+++ b/server/vulnerabilities/nvd/cve_test.go
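Review bot: The CVE-2025-21171 rule's IgnoreIf tests `cpeMeta.Update == ""` while the visual_studio_code rule a few lines above spells the same "no value / ANY" check as `cpeMeta.TargetSW == wfn.Any`; if wfn.Any is the empty string (as in nvdtools' wfn package) the two are equivalent, but the literal hides that intent, so I'd write `return cpeMeta.Vendor == "microsoft" && cpeMeta.Product == "powershell" && cpeMeta.Update == wfn.Any`. Because both new entries are suppressions, a match that is too broad turns into a silent false negative for every host: this rule drops the CVE for any PowerShell CPE without an update component regardless of version, so a build whose CPE is normalized without its `rc.N` tag would lose a true positive — worth a comment above the return, e.g. `// Suppress only when the CPE carries no update component; rc.N (and any other update) keeps the CVE — relies on RC builds being inventoried with the update field set.`, and worth confirming against how PowerShell CPEs are generated. GetKnownNVDBugRules starts and ends outside this hunk.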
@@ -367,6 +367,30 @@ func TestTranslateCPEToCVE(t *testing.T) {
 excludedCVEs: []string{"CVE-2024-10327"},
 continuesToUpdate: true,
 },
+ // CVE-2023-48795 false positive and true positive checks (see #26073)
+ "cpe:2.3:a:microsoft:powershell:7.4.3:*:*:*:*:*:*:*": {
+ excludedCVEs: []string{"CVE-2023-48795", "CVE-2025-21171"},
+ continuesToUpdate: true,
+ },
+ "cpe:2.3:a:openbsd:openssh:9.5:p1:*:*:*:*:*:*": {
+ includedCVEs: []cve{{ID: "CVE-2023-48795", resolvedInVersion: "9.6"}},
+ continuesToUpdate: true,
+ },
+ "cpe:2.3:a:openbsd:openssh:9.6:*:*:*:*:*:*": {
+ excludedCVEs: []string{"CVE-2023-48795"},
+ continuesToUpdate: true,
+ },
+ // end of CVE-2023-48795 checks
+ // CVE-2025-21171 handling
+ "cpe:2.3:a:microsoft:powershell:7.5.0:*:*:*:*:macos:*:*": {
+ excludedCVEs: []string{"CVE-2025-21171"},
+ continuesToUpdate: true,
+ },
+ "cpe:2.3:a:microsoft:powershell:7.5.0:rc.1:*:*:*:macos:*:*": {
+ includedCVEs: []cve{{ID: "CVE-2025-21171"}},
+ continuesToUpdate: true,
+ },
+ // end of CVE-2025-21171 checks
 "cpe:2.3:a:jetbrains:goland:2022.3.99.123.456:*:*:*:*:macos:*:*": {
 includedCVEs: []cve{{ID: "CVE-2024-37051", resolvedInVersion: "2023.1.6"}},
 continuesToUpdate: true,
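Review bot: The new key `cpe:2.3:a:openbsd:openssh:9.6:*:*:*:*:*:*` has only 12 colon-separated components, whereas a CPE 2.3 formatted string has 13 — the `9.5:p1` entry just above it and every PowerShell/goland entry in this hunk do — so it is missing a trailing `:*`. Depending on how the harness handles a CPE it cannot parse, that case either errors or simply yields no CVEs, and in the latter case the `excludedCVEs` assertion passes vacuously and the "fixed in 9.6" boundary is never really exercised; it should read `"cpe:2.3:a:openbsd:openssh:9.6:*:*:*:*:*:*:*": {`. I'd also add one more negative case for a PowerShell CPE with a non-RC update component (for example `7.5.0:preview.1`) to pin that the CVE-2025-21171 suppression only fires when the update field is empty. TestTranslateCPEToCVE starts and ends outside this hunk.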