diff --git a/pyproject.toml b/pyproject.toml
index c1ed2d37..28d48a28 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -138,7 +138,6 @@ dependencies = [
     "lxml>=6.1.0",                      # CVE-2026-41066 (Renovate #556); also required for python 3.14 pre-built wheels
     "filelock>=3.20.3",                 # CVE-2025-68146 (>=3.20.1); CVE-2026-22701 (>=3.20.3, Renovate #387)
     "marshmallow>=3.26.2",              # CVE-2025-68480
-    "pygments>=2.20.0",                 # CVE-2026-4539 (>=2.20.0); transitive via rich
     "cryptography>=46.0.7",             # CVE-2026-39892 (>=46.0.7); transitive via pyjwt[crypto]
     "pydicom>=3.0.2",                   # CVE-2026-32711 (>=3.0.2); transitive via dicomweb-client/wsidicom/highdicom
     "pyasn1>=0.6.3",                    # CVE-2026-30922 (>=0.6.3); transitive via cryptography
diff --git a/uv.lock b/uv.lock
index a0f806f6..5ee497cd 100644
--- a/uv.lock
+++ b/uv.lock
@@ -69,7 +69,6 @@ dependencies = [
     { name = "pyasn1" },
     { name = "pydantic-settings" },
     { name = "pydicom" },
-    { name = "pygments" },
     { name = "pyjwt", extra = ["crypto"] },
     { name = "python-dateutil" },
     { name = "python-multipart" },
@@ -216,7 +215,6 @@ requires-dist = [
     { name = "pyasn1", specifier = ">=0.6.3" },
     { name = "pydantic-settings", specifier = ">=2.12.0,<3" },
     { name = "pydicom", specifier = ">=3.0.2" },
-    { name = "pygments", specifier = ">=2.20.0" },
     { name = "pyinstaller", marker = "extra == 'pyinstaller'", specifier = ">=6.14.0,<7" },
     { name = "pyjwt", extras = ["crypto"], specifier = ">=2.12.0,<3" },
     { name = "python-dateutil", specifier = ">=2.9.0.post0,<3" },