diff --git a/action.yml b/action.yml
index b2777af..d6ea623 100644
--- a/action.yml
+++ b/action.yml
@@ -418,7 +418,7 @@ runs:
     # SHA pin per Marketplace SC002 hygiene; bump via Dependabot.
     - name: Upload SARIF to GitHub Advanced Security
       if: always() && inputs.enable_upload == 'true'
-      uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+      uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
       with:
         sarif_file: ${{ steps.merge.outputs.sarif_path }}
         category:   bos-code-scanning-kit