diff --git a/CHANGELOG.md b/CHANGELOG.md
index b205ff0d7..76e3be40e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,7 @@
 * ensure `logprep.abc.Component.Config` is immutable and can be applied multiple times
 * remove lost callback reassign behavior from `kafka_input` connector
 * remove manual commit option from `kafka_input` connector
+* pin `mysql-connector-python` to >=9.1.0 to accommodate for CVE-2024-21272 and update `MySQLConnector` to work with the new version
 ## 13.1.2
 ### Bugfix
diff --git a/logprep/processor/generic_adder/mysql_connector.py b/logprep/processor/generic_adder/mysql_connector.py
index c212ea988..f425996a8 100644
--- a/logprep/processor/generic_adder/mysql_connector.py
+++ b/logprep/processor/generic_adder/mysql_connector.py
@@ -33,7 +33,7 @@ class MySQLConnector:
 _last_table_checksum: Optional[int]
 """Checksum of the database table that was obtained on the last update check"""
- _cursor: mysql.connector.connection.CursorBase
+ _cursor: mysql.connector.connection.MySQLCursor
 def __init__(self, sql_config: dict):
 """Initialize the MySQLConnector.
diff --git a/pyproject.toml b/pyproject.toml
index 9e7468633..09b735733 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -67,7 +67,7 @@ dependencies = [
 "jsonref",
 "luqum",
 "more-itertools==8.10.0",
- "mysql-connector-python<9",
+ "mysql-connector-python>=9.1.0", # CVE-2024-21272
 "numpy>=1.26.0",
 "opensearch-py",
 "prometheus_client",
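Review bot: In `logprep/processor/generic_adder/mysql_connector.py`, the new `_cursor` annotation still reaches the cursor class through `mysql.connector.connection`, where the name appears to be visible only because that module imports it, which is presumably the same coupling that made `CursorBase` disappear on the upgrade. A class-body annotation is evaluated when the class is defined unless the file uses `from __future__ import annotations` (not visible in this hunk), so a name dropped upstream becomes an import-time failure of the processor. Consider `_cursor: mysql.connector.cursor.MySQLCursor`, or the abstract `mysql.connector.abstracts.MySQLCursorAbstract` if the connection can return the C-extension cursor. How the cursor is created lies outside this hunk, so the accurate type should be confirmed there.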
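Review bot: In `pyproject.toml`, the new `>=9.1.0` constraint sets the floor for the CVE-2024-21272 fix but drops the upper bound that the old `<9` pin provided. The next major release would therefore install unreviewed, even though this upgrade already needed a code change in `MySQLConnector`. Consider `"mysql-connector-python>=9.1.0,<10",  # floor fixes CVE-2024-21272, do not lower`, which states why the floor exists and makes the next major bump a deliberate change. Any lock or constraints files the project ships are outside this diff and would need the same floor.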