From 88290900dc78d6de76319b096b0d1e733eb5568e Mon Sep 17 00:00:00 2001
From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com>
Date: Thu, 7 May 2026 09:17:33 -0400
Subject: [PATCH] docs: Back ports #6682 to 0.21.x release branch (#6689)

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c8214d7ff0..5f36b8c44b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
 
 ### Security
 
+* Resolved a vulnerability (CVE-2026-7776) that could lead to a denial-of-service condition during TLS handshakes. For more information, refer to [Boundary Workers Vulnerable to Denial of Service During TLS Handshake](https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake/77403).
 * Updated jackc/pgx/v5 dependency to v5.9.2 to address GHSA-j88v-2chj-qfwx, GO-2026-4771, GO-2026-4772, and GHSA-9jj7-4m8r-rfcm ([PR](https://github.com/hashicorp/boundary/pull/6607), [PR](https://github.com/hashicorp/boundary/pull/6617))
 * Updated Azure/go-ntlmssp dependency to v0.1.1 to address GHSA-pjcq-xvwq-hhpj ([PR](https://github.com/hashicorp/boundary/pull/6625))