diff --git a/src/docs/asciidoc/web/webflux-cors.adoc b/src/docs/asciidoc/web/webflux-cors.adoc
index 66d6e738d47..d981d41d2a9 100644
--- a/src/docs/asciidoc/web/webflux-cors.adoc
+++ b/src/docs/asciidoc/web/webflux-cors.adoc
@@ -233,6 +233,11 @@ You can apply CORS support through the built-in
 {api-spring-framework}/web/cors/reactive/CorsWebFilter.html[`CorsWebFilter`], which is a
 good fit with <<webflux-fn,functional endpoints>>.
 
+NOTE: If you try to use the `CorsFilter` with Spring Security, keep in mind that Spring
+Security has
+https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#cors[built-in support]
+for CORS.
+
 To configure the filter, you can declare a `CorsWebFilter` bean and pass a
 `CorsConfigurationSource` to its constructor, as the following example shows: