diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 374ed19ff..c7167fc6b 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -78,6 +78,7 @@ catalogs:
 
 overrides:
   path-to-regexp@<0.1.10: 0.1.10
+  minimatch@<3.1.4: 3.1.4
   axios@>=1.0.0 <=1.13.4: 1.13.5
   svgo@>=3.0.0 <3.3.3: 3.3.3
   minimatch@<3.1.3: 3.1.4
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index 855759fea..efe803e5e 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -2,6 +2,9 @@ overrides:
   # Fix CVE-2024-45296 / GHSA-9wv6-86v2-598j: path-to-regexp ReDoS vulnerability
   # Transitive via mintlify -> @mintlify/previewing -> express@4.18.2
   "path-to-regexp@<0.1.10": "0.1.10"
+  # Fix CVE-2026-27904 / GHSA-23c5-xmqv-rm74: minimatch ReDoS vulnerability
+  # Transitive via @stoplight/spectral-core
+  "minimatch@<3.1.4": "3.1.4"
   # Fix CVE-2026-25639 / GHSA-43fc-jf86-j433: axios DoS via __proto__ in mergeConfig
   # Transitive via mintlify -> @mintlify/models
   "axios@>=1.0.0 <=1.13.4": "1.13.5"