diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 34182a1..a27b204 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -135,7 +135,7 @@ jobs:
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4
       - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00  # v6
         with:
-          go-version: "1.23"
+          go-version: "stable"  # osv-scanner v2.3.5 needs Go ≥ 1.26.1
       - name: Install + run OSV-Scanner
         run: |
           set -euxo pipefail