diff --git a/Dockerfile b/Dockerfile
index 8e49a4b..100f316 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -167,6 +167,7 @@ RUN mkdir -p $WPR_CERT_DIR && chown ${WPR_FILE_OWNER} $WPR_CERT_DIR
 COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/certificate/ $WPR_CERT_DIR/
 COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/configure* $WPR_APP_SERVER_DIR/
 COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/startService.sh $WPR_APP_SERVER_DIR
+COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/opennlp-cves.vex.json /opt/vex/opennlp-cves.vex.json
 
 RUN chmod +x $WPR_APP_SERVER_DIR/startService.sh
 
diff --git a/opennlp-cves.vex.json b/opennlp-cves.vex.json
new file mode 100644
index 0000000..d9e58ed
--- /dev/null
+++ b/opennlp-cves.vex.json
@@ -0,0 +1,39 @@
+{
+  "@context": "https://openvex.dev/ns/v0.2.0",
+  "@id": "https://webspellchecker.com/vex/wproofreader-opennlp-2026-05-11",
+  "author": "WebSpellChecker <support@webspellchecker.net>",
+  "timestamp": "2026-05-11T00:00:00Z",
+  "version": 1,
+  "statements": [
+    {
+      "vulnerability": { "name": "CVE-2026-42027" },
+      "products": [
+        {
+          "@id": "pkg:maven/org.apache.opennlp/opennlp-tools@1.9.4"
+        }
+      ],
+      "status": "not_affected",
+      "justification": "vulnerable_code_cannot_be_controlled_by_adversary"
+    },
+    {
+      "vulnerability": { "name": "CVE-2026-40682" },
+      "products": [
+        {
+          "@id": "pkg:maven/org.apache.opennlp/opennlp-tools@1.9.4"
+        }
+      ],
+      "status": "not_affected",
+      "justification": "vulnerable_code_cannot_be_controlled_by_adversary"
+    },
+    {
+      "vulnerability": { "name": "CVE-2026-42440" },
+      "products": [
+        {
+          "@id": "pkg:maven/org.apache.opennlp/opennlp-tools@1.9.4"
+        }
+      ],
+      "status": "not_affected",
+      "justification": "vulnerable_code_cannot_be_controlled_by_adversary"
+    }
+  ]
+}