diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java b/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
index 307383b4072..1a713cd9022 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/CveEcosystemMapper.java
@@ -86,6 +86,7 @@ private boolean hasMultipleVendorProductConfigurations(DefCveItem cve) {
             final List<CpeMatch> cpeEntries = cve.getCve().getConfigurations().stream()
                     .map(Config::getNodes)
                     .flatMap(List::stream)
+                    .filter(cpe -> cpe.getCpeMatch() != null)
                     .map(Node::getCpeMatch)
                     .flatMap(List::stream)
                     .filter(match -> match.getCriteria() != null)