diff --git a/pyproject.toml b/pyproject.toml
index 3ad50a8..6df0c0c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -44,6 +44,10 @@ dependencies = [
     "pyvisa>=1.14.0,<2",
     "pyyaml>=6.0,<7",
     "pydantic>=2.0,<3",
+    # Security floor for litellm's transitive aiohttp dependency:
+    # 3.13.x is affected by CVE-2026-34993 / CVE-2026-47265 (fixed in 3.14.0), and
+    # 3.14.0 by CVE-2026-54273..54280 (fixed in 3.14.1).
+    "aiohttp>=3.14.1",
 ]
 
 [project.optional-dependencies]