diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 8ce48edab..390cace1d 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -77,6 +77,7 @@ catalogs:
       version: 3.1.1
 
 overrides:
+  immutable@>=5.0.0 <5.1.5: 5.1.5
   path-to-regexp@<0.1.12: 0.1.12
   minimatch@<3.1.4: 3.1.4
   axios@<1.13.5: 1.13.5
@@ -6158,8 +6159,8 @@ packages:
   immer@9.0.21:
     resolution: {integrity: sha512-bc4NBHqOqSfRW7POMkHd51LvClaeMXpm8dx0e8oE2GORbq5aRK7Bxl4FyzVLdGtLmvLKL7BTDBG5ACQm4HWjTA==}
 
-  immutable@5.1.4:
-    resolution: {integrity: sha512-p6u1bG3YSnINT5RQmx/yRZBpenIl30kVxkTLDyHLIMk0gict704Q9n+thfDI7lTRm9vXdDYutVzXhzcThxTnXA==}
+  immutable@5.1.5:
+    resolution: {integrity: sha512-t7xcm2siw+hlUM68I+UEOK+z84RzmN59as9DZ7P1l0994DKUWV7UXBMQZVxaoMSRQ+PBZbHCOoBt7a2wxOMt+A==}
 
   import-fresh@3.3.1:
     resolution: {integrity: sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==}
@@ -16167,7 +16168,7 @@ snapshots:
 
   immer@9.0.21: {}
 
-  immutable@5.1.4: {}
+  immutable@5.1.5: {}
 
   import-fresh@3.3.1:
     dependencies:
@@ -18596,7 +18597,7 @@ snapshots:
     dependencies:
       '@bufbuild/protobuf': 2.11.0
       colorjs.io: 0.5.2
-      immutable: 5.1.4
+      immutable: 5.1.5
       rxjs: 7.8.2
       supports-color: 8.1.1
       sync-child-process: 1.0.2
@@ -18624,7 +18625,7 @@ snapshots:
   sass@1.97.3:
     dependencies:
       chokidar: 4.0.3
-      immutable: 5.1.4
+      immutable: 5.1.5
       source-map-js: 1.2.1
     optionalDependencies:
       '@parcel/watcher': 2.5.6
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index 17494dc7f..a7e20683b 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -2,6 +2,9 @@ overrides:
   # Fix CVE-2024-45296 / GHSA-9wv6-86v2-598j and CVE-2024-52798 / GHSA-rhx6-c78j-4q9w: path-to-regexp ReDoS vulnerability
   # Transitive via mintlify -> @mintlify/previewing -> express@4.18.2
   "path-to-regexp@<0.1.12": "0.1.12"
+  # Fix CVE-2026-29063 / GHSA-wf6x-7x77-mvgw: immutable Prototype Pollution vulnerability
+  # Transitive via sass and sass-embedded
+  "immutable@>=5.0.0 <5.1.5": "5.1.5"
   # Fix CVE-2026-26996 / GHSA-3ppc-4f35-3m26: minimatch ReDoS vulnerability
   # Transitive via @stoplight/spectral-core
   "minimatch@<3.1.3": "3.1.5"