diff --git a/pom.xml b/pom.xml
index 87b39e6d544..7c515c939e1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -134,7 +134,7 @@
 
     <tomcat.version>8.5.100-TT.1</tomcat.version>
 
-    <cxf.version>3.1.19-TT.8</cxf.version>
+    <cxf.version>3.1.19-TT.9</cxf.version>
     <version.shrinkwrap.shrinkwrap>1.2.6</version.shrinkwrap.shrinkwrap>
     <version.shrinkwrap.descriptor>2.0.0</version.shrinkwrap.descriptor>
     <version.arquillian>1.1.13.Final</version.arquillian>
diff --git a/tomee/apache-tomee/src/main/resources/META-INF/release_notes/RELEASE-NOTES-EAP-7.0.x b/tomee/apache-tomee/src/main/resources/META-INF/release_notes/RELEASE-NOTES-EAP-7.0.x
index caecc86e640..23c551ea78f 100644
--- a/tomee/apache-tomee/src/main/resources/META-INF/release_notes/RELEASE-NOTES-EAP-7.0.x
+++ b/tomee/apache-tomee/src/main/resources/META-INF/release_notes/RELEASE-NOTES-EAP-7.0.x
@@ -4,6 +4,7 @@
 * Update to Tomcat 8.5.100-TT.1 to mitigate regression introduced by f29b3127049c1275d02ea0c1dab17b97dd912f5f
 * Update to Tomcat 8.5.100 to Mitigate CVE-2024-23672 and CVE-2024-24549
 * Update jose4j 0.9.6 to mitigate CVE-2023-51775
+* Update to CXF 3.1.19-TT.9 to mitigate CVE-2024-28752
 
 === Changes in TomEE EAP 7.1.5-TT.24
 * Update to Tomcat 8.5.96 to mitigate CVE-2023-42795