diff --git a/api/v1/fluxinstance_types.go b/api/v1/fluxinstance_types.go
index 7a5d1e7..2342a78 100644
--- a/api/v1/fluxinstance_types.go
+++ b/api/v1/fluxinstance_types.go
@@ -83,6 +83,13 @@ type Distribution struct {
 	// to use for pulling images.
 	// +optional
 	ImagePullSecret string `json:"imagePullSecret,omitempty"`
+
+	// Artifact is the URL to the OCI artifact containing
+	// the latest Kubernetes manifests for the distribution,
+	// e.g. 'oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest'.
+	// +kubebuilder:validation:Pattern="^oci://.*$"
+	// +optional
+	Artifact string `json:"manifestsURL,omitempty"`
 }
 
 // Component is the name of a controller to install.
diff --git a/config/crd/bases/fluxcd.controlplane.io_fluxinstances.yaml b/config/crd/bases/fluxcd.controlplane.io_fluxinstances.yaml
index 5a69ae1..f24d3d0 100644
--- a/config/crd/bases/fluxcd.controlplane.io_fluxinstances.yaml
+++ b/config/crd/bases/fluxcd.controlplane.io_fluxinstances.yaml
@@ -110,6 +110,13 @@ spec:
                       ImagePullSecret is the name of the Kubernetes secret
                       to use for pulling images.
                     type: string
+                  manifestsURL:
+                    description: |-
+                      Artifact is the URL to the OCI artifact containing
+                      the latest Kubernetes manifests for the distribution,
+                      e.g. 'oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest'.
+                    pattern: ^oci://.*$
+                    type: string
                   registry:
                     description: |-
                       Registry address to pull the distribution images from
diff --git a/docs/api/v1/fluxinstance.md b/docs/api/v1/fluxinstance.md
index f601f90..8badc9e 100644
--- a/docs/api/v1/fluxinstance.md
+++ b/docs/api/v1/fluxinstance.md
@@ -233,6 +233,23 @@ kubectl create secret docker-registry flux-enterprise-auth \
   --docker-password=$ENTERPRISE_TOKEN
 ```
 
+#### Distribution artifact
+
+The `.spec.distribution.artifact` field is optional and specifies the OCI artifact URL
+containing the Flux distribution manifests. When specified, the operator will pull the
+artifact on a regular interval to determine the latest Flux version available
+including CVE patches and hotfixes.
+
+Example using the official distribution artifact:
+
+```yaml
+spec:
+  distribution:
+    version: "2.x"
+    registry: "ghcr.io/fluxcd"
+    artifact: "oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests"
+```
+
 ### Components configuration
 
 The `.spec.components` field is optional and specifies the list of Flux components to install.