diff --git a/deny.toml b/deny.toml
index 3831012ae8..6c418c472f 100644
--- a/deny.toml
+++ b/deny.toml
@@ -75,6 +75,7 @@ ignore = [
   { id = "RUSTSEC-2023-0071", reason = "rsa crate Marvin attack vulnerability from sigstore crate - no safe upgrade available" },
   { id = "RUSTSEC-2025-0119", reason = "number_prefix crate is unmaintained - used by indicatif/self_update, no safe upgrade available" },
   { id = "RUSTSEC-2026-0049", reason = "rustls-webpki 0.101.7 via rustls 0.21 in aws-smithy-http-client - no safe upgrade available" },
+  { id = "RUSTSEC-2026-0066", reason = "astral-tokio-tar 0.5.6 PAX extension validation - transitive dep via rattler_package_streaming, no safe upgrade available" },
   #"RUSTSEC-0000-0000",
   #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
   #"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish