diff --git a/docs/releasenotes/10.0.0.rst b/docs/releasenotes/10.0.0.rst
index 06acfc7afd2..a3f238119f0 100644
--- a/docs/releasenotes/10.0.0.rst
+++ b/docs/releasenotes/10.0.0.rst
@@ -173,8 +173,8 @@ been processed before Pillow started checking for decompression bombs.
 Added ImageFont.MAX_STRING_LENGTH
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-To protect against potential DOS attacks when using arbitrary strings as text
-input, Pillow will now raise a ``ValueError`` if the number of characters
+:cve:`2023-44271`: To protect against potential DOS attacks when using arbitrary strings as text
+input, Pillow will now raise a :py:exc:`ValueError` if the number of characters
 passed into ImageFont methods is over a certain limit,
 :py:data:`PIL.ImageFont.MAX_STRING_LENGTH`.