diff --git a/pyproject.toml b/pyproject.toml
index d8b00c0a..937ad983 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -36,7 +36,7 @@ dependencies = [
 # Security patches for transitive dependencies
 # Note: filelock>=3.20.3 fix requires Python 3.10+, pinned in Dockerfile only
 "jaraco-context>=6.1.0", # GHSA-58pv-8j8x-9vj2 path traversal vulnerability
- "wheel>=0.46.2", # CVE-2026-24049 privilege escalation vulnerability
+ "wheel>=0.47.0", # CVE-2026-24049 privilege escalation vulnerability
 "urllib3>=2.6.3", # GHSA-38jv-5279-wg99, GHSA-2xpw-w6gg-jr37, GHSA-gm62-xv2j-4w53, GHSA-pq67-6m6q-mj2v
 "python-json-logger>=2.0.0", # Structured JSON logging (Issue #208)
 ]
diff --git a/requirements.txt b/requirements.txt
index 258725de..f0d32b93 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -38,5 +38,5 @@ boto3>=1.35.0
 # Security patches for transitive dependencies
 # Note: filelock>=3.20.3 fix requires Python 3.10+, pinned in Dockerfile only
 jaraco-context>=6.1.0 # GHSA-58pv-8j8x-9vj2 path traversal vulnerability
-wheel>=0.46.2 # CVE-2026-24049 privilege escalation vulnerability
+wheel>=0.47.0 # CVE-2026-24049 privilege escalation vulnerability
 urllib3>=2.6.3 # GHSA-38jv-5279-wg99, GHSA-2xpw-w6gg-jr37, GHSA-gm62-xv2j-4w53, GHSA-pq67-6m6q-mj2v