diff --git a/src/lib/features/context/context-service.ts b/src/lib/features/context/context-service.ts
index da67f4d4632d..db4dd29444e1 100644
--- a/src/lib/features/context/context-service.ts
+++ b/src/lib/features/context/context-service.ts
@@ -20,9 +20,10 @@ import {
 } from '../../types';
 import type { IPrivateProjectChecker } from '../private-project/privateProjectCheckerType';
 import type EventService from '../events/event-service';
-import { contextSchema } from '../../services/context-schema';
+import { contextSchema, legalValueSchema } from '../../services/context-schema';
 import { NameExistsError } from '../../error';
 import { nameSchema } from '../../schema/feature-schema';
+import type { LegalValueSchema } from '../../openapi';
 
 class ContextService {
     private eventService: EventService;
@@ -126,7 +127,6 @@ class ContextService {
         );
         const value = await contextSchema.validateAsync(updatedContextField);
 
-        // update
         await this.contextFieldStore.update(value);
 
         const { createdAt, sortOrder, ...previousContextField } = contextField;
@@ -140,6 +140,45 @@ class ContextService {
         });
     }
 
+    async updateContextFieldLegalValue(
+        contextFieldLegalValue: { name: string; legalValue: LegalValueSchema },
+        auditUser: IAuditUser,
+    ): Promise<void> {
+        const contextField = await this.contextFieldStore.get(
+            contextFieldLegalValue.name,
+        );
+        const validatedLegalValue = await legalValueSchema.validateAsync(
+            contextFieldLegalValue.legalValue,
+        );
+
+        const legalValues = contextField.legalValues
+            ? [...contextField.legalValues]
+            : [];
+
+        const existingIndex = legalValues.findIndex(
+            (legalvalue) => legalvalue.value === validatedLegalValue.value,
+        );
+
+        if (existingIndex !== -1) {
+            legalValues[existingIndex] = validatedLegalValue;
+        } else {
+            legalValues.push(validatedLegalValue);
+        }
+
+        const newContextField = { ...contextField, legalValues };
+
+        await this.contextFieldStore.update(newContextField);
+
+        await this.eventService.storeEvent({
+            type: CONTEXT_FIELD_UPDATED,
+            createdBy: auditUser.username,
+            createdByUserId: auditUser.id,
+            ip: auditUser.ip,
+            preData: contextField,
+            data: newContextField,
+        });
+    }
+
     async deleteContextField(
         name: string,
         auditUser: IAuditUser,
diff --git a/src/lib/features/context/context.test.ts b/src/lib/features/context/context.test.ts
index 0ed95aab4371..a1cb282acde4 100644
--- a/src/lib/features/context/context.test.ts
+++ b/src/lib/features/context/context.test.ts
@@ -151,6 +151,59 @@ test('should update a context field with new legal values', () => {
         .expect(200);
 });
 
+test('should add and update a single context field with new legal values', async () => {
+    expect.assertions(1);
+
+    // non existent context
+    await request
+        .post(`${base}/api/admin/context/doesntexist/legalValues`)
+        .send({
+            value: 'local',
+            description: 'Local environment',
+        })
+        .set('Content-Type', 'application/json')
+        .expect(404);
+
+    // invalid schema
+    await request
+        .post(`${base}/api/admin/context/environment/legal-values`)
+        .send({
+            valueInvalid: 'invalid schema',
+            description: 'Local environment',
+        })
+        .set('Content-Type', 'application/json')
+        .expect(400);
+
+    // add a new context field legal value
+    await request
+        .post(`${base}/api/admin/context/environment/legal-values`)
+        .send({
+            value: 'newvalue',
+            description: 'new description',
+        })
+        .set('Content-Type', 'application/json')
+        .expect(200);
+
+    // update existing context field legal value description
+    await request
+        .post(`${base}/api/admin/context/environment/legal-values`)
+        .send({
+            value: 'newvalue',
+            description: 'updated description',
+        })
+        .set('Content-Type', 'application/json')
+        .expect(200);
+
+    const { body } = await request.get(`${base}/api/admin/context/environment`);
+
+    expect(body).toMatchObject({
+        name: 'environment',
+        legalValues: [
+            { value: 'newvalue', description: 'updated description' },
+        ],
+    });
+});
+
 test('should not delete a unknown context field', () => {
     expect.assertions(0);
 
diff --git a/src/lib/features/context/context.ts b/src/lib/features/context/context.ts
index f6a9381a198e..20e28f062b0e 100644
--- a/src/lib/features/context/context.ts
+++ b/src/lib/features/context/context.ts
@@ -39,6 +39,7 @@ import {
 import type { UpdateContextFieldSchema } from '../../openapi/spec/update-context-field-schema';
 import type { CreateContextFieldSchema } from '../../openapi/spec/create-context-field-schema';
 import { extractUserIdFromUser } from '../../util';
+import type { LegalValueSchema } from '../../openapi';
 
 interface ContextParam {
     contextField: string;
@@ -168,6 +169,25 @@ export class ContextController extends Controller {
             ],
         });
 
+        this.route({
+            method: 'post',
+            path: '/:contextField/legal-values',
+            handler: this.updateContextFieldLegalValue,
+            permission: UPDATE_CONTEXT_FIELD,
+            middleware: [
+                openApiService.validPath({
+                    tags: ['Context'],
+                    summary: 'Add or update legal value for the context field',
+                    description: `Endpoint that allows adding or updating a single custom context field legal value. If the legal value already exists, it will be updated with the new description`,
+                    operationId: 'updateContextFieldLegalValue',
+                    requestBody: createRequestSchema('legalValueSchema'),
+                    responses: {
+                        200: emptyResponse,
+                    },
+                }),
+            ],
+        });
+
         this.route({
             method: 'delete',
             path: '/:contextField',
@@ -271,6 +291,20 @@ export class ContextController extends Controller {
         res.status(200).end();
     }
 
+    async updateContextFieldLegalValue(
+        req: IAuthRequest<ContextParam, void, LegalValueSchema>,
+        res: Response,
+    ): Promise<void> {
+        const name = req.params.contextField;
+        const legalValue = req.body;
+
+        await this.contextService.updateContextFieldLegalValue(
+            { name, legalValue },
+            req.audit,
+        );
+        res.status(200).end();
+    }
+
     async deleteContextField(
         req: IAuthRequest<ContextParam>,
         res: Response,
diff --git a/src/lib/services/context-schema.ts b/src/lib/services/context-schema.ts
index 081962949884..9f20ad3e620f 100644
--- a/src/lib/services/context-schema.ts
+++ b/src/lib/services/context-schema.ts
@@ -3,7 +3,7 @@ import { nameType } from '../routes/util';
 
 export const nameSchema = joi.object().keys({ name: nameType });
 
-const legalValueSchema = joi.object().keys({
+export const legalValueSchema = joi.object().keys({
     value: joi.string().min(1).max(100).required(),
     description: joi.string().allow('').allow(null).optional(),
 });