diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
index f763ef6df71..d5453e19f9d 100644
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -1,3 +1,11 @@
 paths-ignore:
 # Ignore compiled JS
 - netbox/project-static/dist
+
+query-filters:
+ # Exclude py/url-redirection: NetBox uses safe_for_redirect() wrapper function
+ # which validates all redirects via Django's url_has_allowed_host_and_scheme().
+ # CodeQL's taint tracking doesn't recognize wrapper functions without custom
+ # query configuration. See #20484.
+ - exclude:
+ id: py/url-redirection
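Review bot: The `exclude` entry for `py/url-redirection` at the end of the hunk turns the query off for the whole repository, so a redirect built from request data that does not go through `safe_for_redirect()` would no longer raise an alert. The comment states that all redirects use the wrapper, but nothing in this file enforces that, so the exclusion is only as good as that convention staying true in future code. Consider keeping the query enabled and dismissing the wrapper-related alerts individually, or pairing the exclusion with a test or lint rule that fails when a redirect on user input bypasses the wrapper. At minimum the comment should record the trade-off, for example `# NOTE: this disables open-redirect detection repo-wide; any redirect on user-supplied input must go through safe_for_redirect().`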