diff --git a/README.md b/README.md
index c8741dd..10a9e5f 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,8 @@ Discovered & reported by: [Astaruf](https://www.linkedin.com/in/lorenzoanastasi/
 
 Full writeup: [https://nstsec.com/en/posts/postiz-xss-cve-2026-40487/](https://nstsec.com/en/posts/postiz-xss-cve-2026-40487/)
 
+NVD entry: [https://nvd.nist.gov/vuln/detail/CVE-2026-40487](https://nvd.nist.gov/vuln/detail/CVE-2026-40487)
+
 GHSA entry: [https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-44wg-r34q-hvfx](https://github.com/gitroomhq/postiz-app/security/advisories/GHSA-44wg-r34q-hvfx)
 
 CVE Record: [https://www.cve.org/CVERecord?id=CVE-2026-40487](https://www.cve.org/CVERecord?id=CVE-2026-40487)
@@ -288,6 +290,7 @@ Version 2.21.6 introduced three changes:
 
 - [Full Astaruf writeup](https://nstsec.com/en/posts/postiz-xss-cve-2026-40487/)
 - [CVE-2026-40487 - GHSA Security Advisory](https://github.com/gitroomhq/postiz-app/security/advisories)
+- [CVE-2026-40487 - NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2026-40487)
 - [Postiz - Official Repository](https://github.com/gitroomhq/postiz-app)
 - [Postiz v2.21.6 - Fix Release](https://github.com/gitroomhq/postiz-app/releases/tag/v2.21.6)
 - [CWE-345: Insufficient Verification of Data Authenticity](https://cwe.mitre.org/data/definitions/345.html)