diff --git a/README.md b/README.md
index 8c69fa6910..05633241c1 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,6 @@
+# Security Vulnerability Found
+IdentityServer4 contains a known Open Redirect vulnerability (CVE-2024-39694) that we do not intend to address. Please see [the security advisory](https://github.com/IdentityServer/IdentityServer4/security/advisories/GHSA-55p7-v223-x366) for more details and consider upgrading to [Duende.IdentityServer](www.duendesoftware.com).
+
 # Important update
 This project is not maintained anymore. This repo will be archived when .NET Core 3.1 end of support is reached (13th Dec 2022). All new development is happening in the new [Duende Software](https://github.com/duendesoftware) organization.