diff --git a/agent_requirements.in b/agent_requirements.in
index 9d96e0e3dbc26..84d177ba06f66 100644
--- a/agent_requirements.in
+++ b/agent_requirements.in
@@ -10,7 +10,7 @@ clickhouse-cityhash==1.0.2.4
 clickhouse-driver==0.2.9
 cm-client==45.0.4
 confluent-kafka==2.5.0
-cryptography==43.0.0
+cryptography==43.0.1
 ddtrace==2.10.6
 dnspython==2.6.1
 foundationdb==6.3.24
diff --git a/cisco_aci/changelog.d/18656.security b/cisco_aci/changelog.d/18656.security
new file mode 100644
index 0000000000000..ad676917cac26
--- /dev/null
+++ b/cisco_aci/changelog.d/18656.security
@@ -0,0 +1 @@
+Bump version of cryptography to 43.0.1 to address vulnerability
\ No newline at end of file
diff --git a/cisco_aci/pyproject.toml b/cisco_aci/pyproject.toml
index 7a0c4345b6ed9..cbb6dbdbf226a 100644
--- a/cisco_aci/pyproject.toml
+++ b/cisco_aci/pyproject.toml
@@ -36,7 +36,7 @@ license = "BSD-3-Clause"
 
 [project.optional-dependencies]
 deps = [
-    "cryptography==43.0.0",
+    "cryptography==43.0.1",
 ]
 
 [project.urls]
diff --git a/datadog_checks_base/changelog.d/18656.security b/datadog_checks_base/changelog.d/18656.security
new file mode 100644
index 0000000000000..ad676917cac26
--- /dev/null
+++ b/datadog_checks_base/changelog.d/18656.security
@@ -0,0 +1 @@
+Bump version of cryptography to 43.0.1 to address vulnerability
\ No newline at end of file
diff --git a/datadog_checks_base/pyproject.toml b/datadog_checks_base/pyproject.toml
index d6b0733532c1f..b4b2d74bcd2d1 100644
--- a/datadog_checks_base/pyproject.toml
+++ b/datadog_checks_base/pyproject.toml
@@ -36,7 +36,7 @@ db = [
 deps = [
     "binary==1.0.0",
     "cachetools==5.5.0",
-    "cryptography==43.0.0",
+    "cryptography==43.0.1",
     "ddtrace==2.10.6",
     "importlib-metadata==2.1.3; python_version < '3.8'",
     "jellyfish==1.1.0",
diff --git a/http_check/changelog.d/18656.security b/http_check/changelog.d/18656.security
new file mode 100644
index 0000000000000..ad676917cac26
--- /dev/null
+++ b/http_check/changelog.d/18656.security
@@ -0,0 +1 @@
+Bump version of cryptography to 43.0.1 to address vulnerability
\ No newline at end of file
diff --git a/http_check/pyproject.toml b/http_check/pyproject.toml
index b41c1f1ebba57..9b938ef95d20b 100644
--- a/http_check/pyproject.toml
+++ b/http_check/pyproject.toml
@@ -36,7 +36,7 @@ license = "BSD-3-Clause"
 
 [project.optional-dependencies]
 deps = [
-    "cryptography==43.0.0",
+    "cryptography==43.0.1",
     "requests-ntlm==1.3.0",
 ]
 
diff --git a/mysql/changelog.d/18656.security b/mysql/changelog.d/18656.security
new file mode 100644
index 0000000000000..ad676917cac26
--- /dev/null
+++ b/mysql/changelog.d/18656.security
@@ -0,0 +1 @@
+Bump version of cryptography to 43.0.1 to address vulnerability
\ No newline at end of file
diff --git a/mysql/pyproject.toml b/mysql/pyproject.toml
index 4d553d3200f48..5d34169242572 100644
--- a/mysql/pyproject.toml
+++ b/mysql/pyproject.toml
@@ -37,7 +37,7 @@ license = "BSD-3-Clause"
 [project.optional-dependencies]
 deps = [
     "cachetools==5.5.0",
-    "cryptography==43.0.0",
+    "cryptography==43.0.1",
     "pymysql==1.1.1",
 ]
 
diff --git a/tls/changelog.d/18656.security b/tls/changelog.d/18656.security
new file mode 100644
index 0000000000000..ad676917cac26
--- /dev/null
+++ b/tls/changelog.d/18656.security
@@ -0,0 +1 @@
+Bump version of cryptography to 43.0.1 to address vulnerability
\ No newline at end of file
diff --git a/tls/pyproject.toml b/tls/pyproject.toml
index f0804b755040d..961a243ef4408 100644
--- a/tls/pyproject.toml
+++ b/tls/pyproject.toml
@@ -36,7 +36,7 @@ license = "BSD-3-Clause"
 
 [project.optional-dependencies]
 deps = [
-    "cryptography==43.0.0",
+    "cryptography==43.0.1",
     "service-identity[idna]==24.1.0",
 ]