diff --git a/docs/CVE-2024-9681.md b/docs/CVE-2024-9681.md index c47d71aecc..6849f3c2fb 100644 --- a/docs/CVE-2024-9681.md +++ b/docs/CVE-2024-9681.md @@ -42,7 +42,7 @@ was otherwise intended to *possibly* be protected. But: `example.com` as per above is deliberately setup for HSTS, and servers should -probably expect that clients will try upgrading to HTTPS for a while outside +probably expect that clients migth try upgrading to HTTPS for a while outside of the time range set in its headers. The access that fails in this scenario tries to use plain HTTP to the domain.
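Review bot: the added line in the -42,7 +42,7 hunk of docs/CVE-2024-9681.md misspells "might" as "migth"; it should read "probably expect that clients might try upgrading to HTTPS for a while outside". With "will" replaced, the sentence now hedges twice ("servers should probably expect that clients might try"), so consider dropping "probably" if the softer wording is what is intended. The unchanged context line just above says "deliberately setup for HSTS", where the verb form is "set up"; that could be corrected in the same change.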