diff --git a/src/mte_tag.adoc b/src/mte_tag.adoc
index 1d50cc7..55b5186 100644
--- a/src/mte_tag.adoc
+++ b/src/mte_tag.adoc
@@ -315,6 +315,13 @@ can choose to enable on per-page basis. Furthermore, this allows software to
 enable memory tagging only for heap.
 ====
 
+[NOTE]
+====
+Cache Management Operations (CMOs) must respect and take into account memory tagging extension. Otherwise, serious security problems can appear, including:
+
+* CBO.ZERO may work as a STORE operation. If memory tagging is not respected, it would be possible to write to memory bypassing the tag enforcement.
+====
+
 [[TAGCHECK_ELIDE]]
 === Per-pointer tag check elision