diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 0fcf81299..4341e27fc 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -8710,6 +8710,19 @@ system and gives an overview of their function and contents.
       -  ``both``: recipes are scanned in both their target and
          :ref:`ref-classes-native` context
 
+   :term:`SBOM_CVE_CHECK_SHOW_WARNINGS`
+      When inheriting the :ref:`ref-classes-sbom-cve-check` class, this
+      variable controls whether to show warnings when CVEs with the
+      ``Unpatched`` status are found. Example output:
+
+      .. code-block:: text
+
+         WARNING: core-image-minimal-1.0-r0 do_sbom_cve_check: glibc-2.43+git: Found unpatched CVEs: CVE-2010-4756
+
+      Set to "1" to show the warnings, "0" otherwise.
+
+      See :doc:`/security-manual/vulnerabilities` for more information.
+
    :term:`SDK_ARCH`
       The target architecture for the SDK. Typically, you do not directly
       set this variable. Instead, use :term:`SDKMACHINE`.