diff --git a/pyproject.toml b/pyproject.toml
index 79f2d06..ba9af80 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -44,10 +44,10 @@ dependencies = [
 # No upper bound - certificate bundle updates are backward compatible
 "certifi>=2024.12.14",
- # cryptography: Minimum 46.0.5 includes fix for CVE-2026-26007 (elliptic curve subgroup validation)
- # and earlier fixes for CVE-2024-26130 (NULL pointer dereference with pkcs12)
+ # cryptography: Minimum 46.0.7 includes fix for buffer overflow with non-contiguous buffers (GHSA),
+ # plus CVE-2026-26007 (elliptic curve subgroup validation) and CVE-2024-26130 (NULL pointer dereference with pkcs12)
 # No upper bound - follows SemVer, removing restrictive constraint to prevent dependency conflicts
- "cryptography>=46.0.5",
+ "cryptography>=46.0.7",
 # packaging: Minimum 24.2 provides required version parsing functionality
 # No upper bound - stable API, backward compatible
diff --git a/requirements.txt b/requirements.txt
index 123cb3f..29fa118 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,7 @@ aiohttp==3.13.4
 certifi==2026.2.25
-cryptography==46.0.6
+cryptography==46.0.7
 packaging==26.0
 pint==0.25.3; python_version > "3.10"
 pint==0.24.4; python_version <= "3.10"
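Review bot: The rewritten rationale comment on the `cryptography` entry in pyproject.toml cites the buffer-overflow fix only as "(GHSA)" with no advisory identifier, unlike the two CVE references next to it, so the new `>=46.0.7` floor cannot be audited against an advisory database without re-deriving it. Please record the identifier, e.g. `# cryptography: Minimum 46.0.7 includes fix for GHSA-<placeholder-id> (buffer overflow with non-contiguous buffers),` with the real GHSA id substituted for the placeholder. This commit brings the `>=46.0.7` floor into line with the `==46.0.7` pin in requirements.txt, but the prior state (`>=46.0.5` versus `==46.0.6`) shows the two files can drift, so a trailing remark in the comment that this floor must track the requirements.txt pin would help future bumps. The `dependencies = [` array starts and ends outside the hunk.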