diff --git a/ChangeLog.d/mpi_exp_mod-zero.txt b/ChangeLog.d/mpi_exp_mod-zero.txt
new file mode 100644
index 000000000..9df9031a9
--- /dev/null
+++ b/ChangeLog.d/mpi_exp_mod-zero.txt
@@ -0,0 +1,7 @@
+Bugfix
+   * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
+     A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
+     could not be triggered by code that constructed A with one of the
+     mbedtls_mpi_read_xxx functions (including in particular TLS code) since
+     those always built an mpi object with at least one limb.
+     Credit to OSS-Fuzz. Fixes #4641.