diff --git a/CHANGELOG.md b/CHANGELOG.md index 215527b2070..ddd3981c5ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org). ## [Unreleased] -## [Zebra 4.3](https://github.com/ZcashFoundation/zebra/releases/tag/v4.3) - 2026-03-12 +## [Zebra 4.3.0](https://github.com/ZcashFoundation/zebra/releases/tag/v4.3) - 2026-03-12 + +This release fixes **two important security issues**: + +- [CVE-2026-34202: Remote Denial of Service via Crafted V5 Transactions](https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-qp6f-w4r3-h8wg) +- [CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data](https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-3vmh-33xr-9cqh) + +We recommend node operators to update to 4.3.0 as soon as possible. All previous +Zebra versions are vulnerable to these issues. This release adds support for [ZIP-235](https://zips.z.cash/zip-0235) and extends the documentation on performance profiling. It also fixes issues with diff --git a/zebra-chain/CHANGELOG.md b/zebra-chain/CHANGELOG.md index 89420970b03..c3a4cede5ee 100644 --- a/zebra-chain/CHANGELOG.md +++ b/zebra-chain/CHANGELOG.md @@ -9,6 +9,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [6.0.1] - 2026-03-26 +This release fixes an important security issue: + +- [CVE-2026-34202: Remote Denial of Service via Crafted V5 Transactions](https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-qp6f-w4r3-h8wg) + +The impact of the issue for crate users will depend on the particular usage; +if you use zebra-chain to parse untrusted transactions, a particularly crafted +transaction will raise a panic which will crash your application; you should +update. + ### Fixed - Fixed miner subsidy computation. diff --git a/zebra-consensus/CHANGELOG.md b/zebra-consensus/CHANGELOG.md index a35e69f62e2..9e164581fa4 100644 --- a/zebra-consensus/CHANGELOG.md 
+++ b/zebra-consensus/CHANGELOG.md @@ -9,6 +9,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [5.0.1] - 2026-03-25 +This release fixes an important security issue: + +- [CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data](https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-3vmh-33xr-9cqh) + +The impact of the issue for crate users will depend on the particular usage; +if you use it as a building block for a node, you should update. + ### Added - ZIP-235 support under the `zcash_unstable = "zip235"` flag
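Review bot: In the CHANGELOG.md hunk, the heading now reads "Zebra 4.3.0" but its link target is still `releases/tag/v4.3`. Confirm the actual tag name and update the URL if the release is tagged `v4.3.0`, otherwise the security-release link may not resolve. The heading date is left at 2026-03-12 while the crate changelogs in this same patch are dated 2026-03-25 and 2026-03-26, so the release date should be checked too. Minor wording: "We recommend node operators to update" reads better as "We recommend that node operators update".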
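Review bot: In the zebra-chain/CHANGELOG.md hunk, the impact paragraph does not say which zebra-chain versions are affected, although the top-level changelog states "All previous Zebra versions are vulnerable". Add the affected range under `[6.0.1]` so crate users can tell whether their pinned version needs the update. The sentence also chains three clauses with semicolons and says "a particularly crafted transaction". Suggest "a specially crafted transaction" and splitting it, for example: "If you use zebra-chain to parse untrusted transactions, a specially crafted transaction will cause a panic and crash your application. You should update."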
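Review bot: In the zebra-consensus/CHANGELOG.md hunk, the added note tells users to update "if you use it as a building block for a node" but never says what the impact is, unlike the zebra-chain entry, which names the panic. Add one sentence describing what a crate user would observe, consistent with the advisory title "Consensus Failure via Crafted V5 Authorization Data", and replace "it" with `zebra-consensus`, since the pronoun has no antecedent in this entry. As with zebra-chain, stating the affected version range under `[5.0.1]` would help downstream users triage.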