diff --git a/CHANGELOG.md b/CHANGELOG.md
index 593e735db..c65dc4f02 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Added per-step token cost tracking and estimated tool call token usage to Ask Sourcebot chat history. [#1353](https://github.com/sourcebot-dev/sourcebot/pull/1353)
+### Fixed
+- Pinned `expat` to `^2.8.1-r0` in the Docker image to address CVE-2026-45186. [#1355](https://github.com/sourcebot-dev/sourcebot/pull/1355)
+
 ## [5.0.4] - 2026-06-18
 ### Changed
diff --git a/Dockerfile b/Dockerfile
index 6c6b2439f..56e979ec2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -178,7 +178,9 @@ ENV SOURCEBOT_LOG_LEVEL=info
 # ENV SOURCEBOT_TELEMETRY_DISABLED=1
 # Configure dependencies
-RUN apk add --no-cache git ca-certificates bind-tools tini jansson wget supervisor uuidgen curl perl jq openssl util-linux unzip && \
+# Note: expat is pinned to >=2.8.1-r0 to address CVE-2026-45186 (libexpat
+# denial of service via crafted XML input).
+RUN apk add --no-cache git ca-certificates bind-tools tini jansson wget supervisor uuidgen curl perl jq openssl util-linux unzip "expat>=2.8.1-r0" && \
 apk upgrade --no-cache
 # Remove npm (unused — we use Yarn). The Node.js base image bundles npm
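Review bot: The comment added above the RUN line in the Dockerfile hunk calls `>=2.8.1-r0` a pin, but apk treats it as a version floor: any later expat offered by the base image's repository satisfies it, so the build is not reproducible and the constraint only guarantees "not older than the fixed release". The floor does fail the build rather than silently installing an older package when the repository cannot satisfy it, which is the right fail-closed behaviour, but the comment should say so to stop someone loosening it to unbreak a build — e.g. `# expat >=2.8.1-r0: fix for CVE-2026-45186 (libexpat DoS via crafted XML input).` followed by `# apk fails the build if the base image's repo cannot satisfy this floor; do not loosen it.` Alpine sometimes ships security fixes as a backported `-rN` rebuild of an older upstream version rather than a new release, in which case a strict upstream-version floor would reject the patched package; this is worth confirming against the Alpine branch of the Node base image (which is outside this hunk). The CHANGELOG entry in the first hunk writes the constraint as `^2.8.1-r0`, which is not apk syntax and does not match the `>=2.8.1-r0` actually applied; the two should agree.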