diff --git a/ChangeLog.txt b/ChangeLog.txt index bf9b09fd..e6c2069d 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -2,10 +2,9 @@ ================== Security: -- CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a +- CVE-2021-23980: If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurred, - most likely resulting in a segfault. This will be updated with the CVE - number when it is assigned. + most likely resulting in a segfault. Affects versions 2.0.0 to 2.0.9 inclusive. Broker: diff --git a/www/pages/security.md b/www/pages/security.md index 541612b9..44cd1f7c 100644 --- a/www/pages/security.md +++ b/www/pages/security.md @@ -19,7 +19,7 @@ follow the steps on [Eclipse Security] page to report it. Listed with most recent first. Further information on security related issues can be found in the [security category]. -* April 2021: CVE-xxxx-xxxx Affecting versions **2.0.0** to **2.0.9** +* April 2021: [CVE-2021-28166] Affecting versions **2.0.0** to **2.0.9** inclusive, fixed in **2.0.10**. * December 2020: Running mosquitto_passwd with the following arguments only `mosquitto_passwd -b password_file username password` would cause the @@ -69,6 +69,7 @@ can be found in the [security category]. [Eclipse Security]: https://www.eclipse.org/security/ [security category]: /blog/categories/security/ +[CVE-2021-28166]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28166 [CVE-2019-11779]: https://nvd.nist.gov/vuln/detail/CVE-2019-11779 [CVE-2019-11778]: https://nvd.nist.gov/vuln/detail/CVE-2019-11778 [CVE-2018-20145]: https://nvd.nist.gov/vuln/detail/CVE-2018-20145 diff --git a/www/posts/2021/04/version-2-0-10-released.md b/www/posts/2021/04/version-2-0-10-released.md index 26d449bb..096dc7ab 100644 --- a/www/posts/2021/04/version-2-0-10-released.md +++ b/www/posts/2021/04/version-2-0-10-released.md 
@@ -13,7 +13,7 @@ Versions 2.0.10 of Mosquitto has been released. This is a security and bugfix release. # Security -- CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a +- [CVE-2021-23980]: If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurred, most likely resulting in a segfault. This will be updated with the CVE number when it is assigned. @@ -41,6 +41,7 @@ release. - Fix CMake cross compile builds not finding opensslconf.h. Closes [#2160]. - Fix build on Solaris non-sparc. Closes [#2136]. +[CVE-2021-23980]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28166 [#2134]: https://github.com/eclipse/mosquitto/issues/2134 [#2136]: https://github.com/eclipse/mosquitto/issues/2136 [#2152]: https://github.com/eclipse/mosquitto/issues/2152
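Review bot: The identifier added in the ChangeLog.txt hunk (`CVE-2021-23980`) does not match the one added in the www/pages/security.md hunk of this same patch (`[CVE-2021-28166]`), although both entries describe the issue affecting versions 2.0.0 to 2.0.9. Confirm which identifier was assigned and use that one in ChangeLog.txt, security.md and the release post, so that anyone searching advisories by CVE number finds this fix.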
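Review bot: Style point on the link definition added in the second www/pages/security.md hunk (`@@ -69,6 +69,7 @@`): the new `[CVE-2021-28166]` reference points at `cve.mitre.org/cgi-bin/cvename.cgi`, while the neighbouring definitions (`[CVE-2019-11779]`, `[CVE-2019-11778]`, `[CVE-2018-20145]`) all use `https://nvd.nist.gov/vuln/detail/...`. Consider using the same URL form for the new entry so the list stays consistent.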
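Review bot: In the first www/posts/2021/04/version-2-0-10-released.md hunk (`@@ -13,7 +13,7 @@`), the unchanged context still reads "This will be updated with the CVE number when it is assigned.", which is stale once the placeholder on the line above is replaced with an identifier. The ChangeLog.txt hunk drops that sentence and adds "Affects versions 2.0.0 to 2.0.9 inclusive."; the release post should get the same wording.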
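Review bot: The link definition added in the second www/posts/2021/04/version-2-0-10-released.md hunk (`@@ -41,6 +41,7 @@`) has a label and target that disagree: `[CVE-2021-23980]:` resolves to a URL ending in `name=CVE-2021-28166`. A reader following the link from the Security section lands on a different CVE number than the one shown in the text. Make the label, the in-text reference and the URL all carry the identifier that was actually assigned.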