diff --git a/content/issues/2024-03-29-cve-2024-3094.md b/content/issues/2024-03-29-cve-2024-3094.md index 48626e97..05c80f0d 100644 --- a/content/issues/2024-03-29-cve-2024-3094.md +++ b/content/issues/2024-03-29-cve-2024-3094.md @@ -8,6 +8,14 @@ affected: section: issue --- +### Update - 2024-03-30 + +Further analysis of the exploit code indicates that it is only functional on amd64 hardware running glibc and a deb or rpm-based Linux distribution. The original CISA alert stated that the exploit could allow remote code execution, however, it remains unclear exactly what the payload was intended to do and so they have changed their description to "may allow unauthorized access to affected systems". + +As best we can tell at this point, none of our images were or are impacted by this vulnerability, but our original recommendations remain in place. + +### Original Post + A supply chain compromise has been discovered in the XZ Utils data compression library, being tracked under [CVE-2024-3094](https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094), which could allow remote code execution under certain circumstances. The original report is available [here](https://www.openwall.com/lists/oss-security/2024/03/29/4) if you are interested in the technical details. We have evaluated all of our current base images for indications that they may be vulnerable to this exploit:
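Review bot: The new "Update - 2024-03-30" section states the activation conditions for the injected code ("only functional on amd64 hardware running glibc and a deb or rpm-based Linux distribution") without citing the analysis it is drawn from, while the body below links both the CISA alert and the oss-security report; add a link to the source of that analysis next to the claim, and link the revised CISA description ("may allow unauthorized access to affected systems") so a reader can verify the changed wording. Two smaller points in the same paragraph: "could allow remote code execution, however, it remains unclear" is a comma splice and reads better as "could allow remote code execution; however, it remains unclear", and "deb or rpm-based" should be "deb- or rpm-based". Finally, "our original recommendations remain in place" gives the reader no pointer; since the update now sits above the original post, either name the recommendations briefly or link to the section that contains them.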