diff --git a/_security/CVE-2023-43826.md b/_security/CVE-2023-43826.md new file mode 100644 index 000000000..a1564c2aa --- /dev/null +++ b/_security/CVE-2023-43826.md @@ -0,0 +1,15 @@ +--- +title: Integer overflow in handling of VNC image buffers +cve: CVE-2023-43826 +fixed: 1.5.4 +--- + +Apache Guacamole 1.5.3 and older do not consistently ensure that values +received from a VNC server will not result in integer overflow. If a user +connects to a malicious or compromised VNC server, specially crafted data could +result in memory corruption, possibly allowing arbitrary code to be executed +with the privileges of the running guacd process. + +Acknowledgements: We would like to thank Joseph Surin and Matt Jones (Elttam) +for reporting this issue. +
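Review bot: The advisory body never states the remediation. The fixed release appears only in the front matter (`fixed: 1.5.4`), while the paragraph ending "with the privileges of the running guacd process" stops at impact. Unless the site template renders the `fixed` field prominently, consider adding a closing sentence to that paragraph telling users of 1.5.3 and older to upgrade to 1.5.4. The body also says only "values received from a VNC server", whereas the title narrows this to image buffers. Using the same wording in both places would make it clearer which part of the VNC handling is affected. Minor: the file ends with an added blank line after the acknowledgements, which can be dropped.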