diff --git a/AUTHORS b/AUTHORS
index 2f8e26b2cb1..915ad17ae18 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -423,6 +423,7 @@ Samuele Pedroni
 Sanket Duthade
 Sankt Petersbug
 Saravanan Padmanaban
+Scott Ratchford
 Sean Malloy
 Segev Finer
 Serhii Mozghovyi
diff --git a/changelog/14359.improvement.rst b/changelog/14359.improvement.rst
new file mode 100644
index 00000000000..2d786226e5f
--- /dev/null
+++ b/changelog/14359.improvement.rst
@@ -0,0 +1,2 @@
+Updated pygments requirement to ``pygments>=2.20``.
+This avoids a regular expression denial-of-service attack described in `CVE-2026-4539 `__.
diff --git a/pyproject.toml b/pyproject.toml
index e51cafbd747..bd07fef6cec 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -51,7 +51,7 @@ dependencies = [
 "iniconfig>=1.0.1",
 "packaging>=22",
 "pluggy>=1.5,<2",
- "pygments>=2.7.2",
+ "pygments>=2.20",
 "tomli>=1; python_version<'3.11'",
 ]
 optional-dependencies.dev = [
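Review bot: The raised floor on the `"pygments>=2.20",` line carries no rationale in pyproject.toml itself, so a later dependency cleanup could relax it without noticing that it is security-motivated; the reason lives only in the changelog fragment. I would add a comment directly above the entry, `# floor is security-motivated (ReDoS, CVE-2026-4539); do not lower`. It is also worth confirming that pygments 2.20 declares support for every Python version this package still supports, since otherwise installs on the oldest interpreters would fail to resolve; that cannot be checked from this hunk. The `dependencies` array begins above the hunk and the file continues past it.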