@Hung_Hoang_Le - a fix for this has been deployed. The self-hosted Pool selection on the Security Review / Vulnerability Scanner page should now persist correctly after saving.
Could you try setting up your Vulnerability Scanner with a self-hosted Pool again and confirm the Environment sticks after saving?