diff --git a/CHANGELOG.md b/CHANGELOG.md index ba937502b4..83ff7606ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. ### Security +* Resolved a vulnerability (CVE-2026-7776) that could lead to a denial-of-service condition during TLS handshakes. For more information, refer to [Boundary Workers Vulnerable to Denial of Service During TLS Handshake](https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake/77403). * Updated jackc/pgx/v5 dependency to v5.9.2 to address GHSA-j88v-2chj-qfwx, GO-2026-4771, GO-2026-4772, and GHSA-9jj7-4m8r-rfcm ([PR](https://github.com/hashicorp/boundary/pull/6607), [PR](https://github.com/hashicorp/boundary/pull/6617)) * Updated Azure/go-ntlmssp dependency to v0.1.1 to address GHSA-pjcq-xvwq-hhpj ([PR](https://github.com/hashicorp/boundary/pull/6625)) @@ -56,11 +57,12 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. ## 0.20.3 (2026/04/30) -### New and Improved +### New and Improved * Added support for new `debug` flag to expose pprof endpoints for debugging purposes. ([PR](https://github.com/hashicorp/boundary/pull/6644)) ### Security +* Resolved a vulnerability (CVE-2026-7776) that could lead to a denial-of-service condition during TLS handshakes. For more information, refer to [Boundary Workers Vulnerable to Denial of Service During TLS Handshake](https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake/77403). * Updated jackc/pgx/v5 dependency to v5.9.2 to address GHSA-j88v-2chj-qfwx, GO-2026-4771, GO-2026-4772, and GHSA-9jj7-4m8r-rfcm ([PR](https://github.com/hashicorp/boundary/pull/6607), [PR](https://github.com/hashicorp/boundary/pull/6617)) * Updated Azure/go-ntlmssp dependency to v0.1.1 to address GHSA-pjcq-xvwq-hhpj ([PR](https://github.com/hashicorp/boundary/pull/6625)) 
@@ -128,6 +130,7 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. ### Security +* Resolved a vulnerability (CVE-2026-7776) that could lead to a denial-of-service condition during TLS handshakes. For more information, refer to [Boundary Workers Vulnerable to Denial of Service During TLS Handshake](https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake/77403). * Updated jackc/pgx/v5 dependency to v5.9.2 to address GHSA-j88v-2chj-qfwx, GO-2026-4771, GO-2026-4772, and GHSA-9jj7-4m8r-rfcm ([PR](https://github.com/hashicorp/boundary/pull/6607), [PR](https://github.com/hashicorp/boundary/pull/6617)) * Updated Azure/go-ntlmssp dependency to v0.1.1 to address GHSA-pjcq-xvwq-hhpj ([PR](https://github.com/hashicorp/boundary/pull/6625))
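Review bot: The CVE-2026-7776 entry added in the first hunk (`@@ -12,6 +12,7 @@`) carries no PR link, while both dependency entries directly below it end with `([PR](...))`. If the fix landed in a public pull request, link it so readers can trace the code change; if the PR is intentionally not referenced, confirm that the advisory link is meant to be the only pointer. The sentence also leaves out the affected component, which appears only in the link title ("Boundary Workers Vulnerable to Denial of Service During TLS Handshake"). Saying "on workers" in the entry text itself would let operators scope their exposure without following the link.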
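Review bot: In the second hunk (`@@ -56,11 +57,12 @@`), the `### New and Improved` heading under `## 0.20.3 (2026/04/30)` is removed and re-added with no visible text difference, which reads as a whitespace-only edit unrelated to the security entry. If it strips trailing whitespace that is fine, but either call it out in the commit message or move it to a separate change so this patch stays a one-line addition per release section and backports cleanly.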
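Review bot: The sentence added in the third hunk (`@@ -128,6 +130,7 @@`), like its two copies above, names only the CVE identifier, although the linked advisory URL shows the vendor bulletin id (`hcsec-2026-11`). The neighbouring entries list every identifier they address (GHSA and GO ids), so consider writing "(CVE-2026-7776, HCSEC-2026-11)" to make the entry searchable by either id. Because the text is duplicated verbatim across three sections, any wording change needs to be applied to all three copies so they do not drift apart.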