You are getting down votes because HN has a policy that the HN Title should match the Title on the link to prevent editorializing in almost all cases.
This prevents users from creating click bait headlines to get that karma tho, the majority of the time. Cases where the actual title is the click bait like this one, are the unintended consequence of that policy.
That's true, except the guideline reads "Please use the original title, unless it is misleading or linkbait" and you can argue that once a vulnerability is fixed, implying it's still there is misleading. So we often edit those titles to past tense once that's more accurate. Same with "$site is down" -> "$site was down".
This prevents users from creating click bait headlines to get that karma tho, the majority of the time. Cases where the actual title is the click bait like this one, are the unintended consequence of that policy.