diff --git a/gems/decidim-core/CVE-2026-23891.yml b/gems/decidim-core/CVE-2026-23891.yml
index ea0392327b..69c821ea2f 100644
--- a/gems/decidim-core/CVE-2026-23891.yml
+++ b/gems/decidim-core/CVE-2026-23891.yml
@@ -31,11 +31,14 @@ description: |
   [octree](https://octree.ch/) and made by
   [Secu Labs](https://seculabs.ch/) against Decidim financed
   by the city of Lausanne (Switzerland).
+cvss_v3: 8.7
+cvss_v4: 9.3
 patched_versions:
   - "~> 0.30.5"
   - ">= 0.31.1"
 related:
   url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2026-23891
     - https://github.com/decidim/decidim/releases/tag/v0.31.1
     - https://github.com/decidim/decidim/releases/tag/v0.30.5
     - https://github.com/decidim/decidim/security/advisories/GHSA-fc46-r95f-hq7g