diff --git a/opensearch-dashboards-3.yaml b/opensearch-dashboards-3.yaml index 355b6a59e69..48c0d38a0b8 100644 --- a/opensearch-dashboards-3.yaml +++ b/opensearch-dashboards-3.yaml @@ -1,7 +1,7 @@ package: name: opensearch-dashboards-3 - version: "3.2.0" # when updating please check if we can remove the patched package.json for the reporting plugin - epoch: 2 + version: "3.3.0" + epoch: 0 description: Open source visualization dashboards for OpenSearch copyright: - license: Apache-2.0 @@ -60,11 +60,7 @@ pipeline: with: repository: https://github.com/opensearch-project/OpenSearch-Dashboards.git tag: ${{package.version}} - expected-commit: 9d91d4639ea0e0cbb909ccfda66de3288d0f02d7 - - - uses: patch - with: - patches: CVE-2025-9287-fix.patch + expected-commit: fbc260ec5a09d1c39270d20c9736f602ab4425d5 - runs: | # Workaround for "OpenSearch Dashboards should not be run as root. Use --allow-root to continue." @@ -93,13 +89,9 @@ pipeline: devDependencies='{"cypress": "^13.5.1"}' jq --argjson devDependencies "$devDependencies" '.devDependencies += $devDependencies' package.json > temp.json && mv temp.json package.json - # fix CVE-2025-9288 - devDependencies='{"sha.js": "^2.4.12"}' - jq --argjson devDependencies "$devDependencies" '.devDependencies += $devDependencies' package.json > temp.json && mv temp.json package.json - - # fix CVE-2025-9287 - devDependencies='{"cipher-base": "^1.0.5"}' - jq --argjson devDependencies "$devDependencies" '.devDependencies += $devDependencies' package.json > temp.json && mv temp.json package.json + # fix GHSA-w48q-cv73-mx4w + resolutions='{"@modelcontextprotocol/sdk": "1.24.0"}' + jq --argjson resolutions "$resolutions" '.resolutions += $resolutions' package.json > temp.json && mv temp.json package.json yarn osd bootstrap --allow-root @@ -178,6 +170,7 @@ update: github: identifier: opensearch-project/OpenSearch-Dashboards tag-filter: "3." + use-tag: true test: environment: 
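Review bot: The reminder comment on the old `version:` line ("check if we can remove the patched package.json for the reporting plugin") is dropped with the bump, but nothing in this change shows that reporting-plugin patch being removed, so the note is presumably still relevant. If the patched package.json is still in the package directory, keep the reminder on the new line: `version: "3.3.0" # when updating please check if we can remove the patched package.json for the reporting plugin`. If it was removed in a separate change, a sentence in the commit message saying so would close the loop.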
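Review bot: The `uses: patch` step and its `CVE-2025-9287-fix.patch` are removed with nothing recording why the fix is no longer needed; the same applies to the CVE-2025-9288 and CVE-2025-9287 `devDependencies` overrides dropped in the next hunk. The deleted patch's subject (bumping cipher-base and sha.js, upstream #10442) suggests the fix is presumed to be in the 3.3.0 tree, which should be confirmed against `expected-commit: fbc260ec5a09d1c39270d20c9736f602ab4425d5` before the mitigations go. A one-line comment next to the new `expected-commit`, e.g. `# 3.3.0 carries the cipher-base/sha.js bump (upstream #10442); CVE-2025-9287-fix.patch no longer needed`, would keep the removal auditable later.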
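Review bot: The new `resolutions` entry pins `@modelcontextprotocol/sdk` to exactly `1.24.0`, whereas the overrides above use caret ranges; an exact pin means any later advisory against this package needs a manual edit of this line, and the comment does not say whether 1.24.0 is the first patched release or just the version current at the time. If it is a minimum, a floor such as `"^1.24.0"` would track later fixes, and the comment should say what is being forced and why it goes through `resolutions` rather than `devDependencies`, e.g. `# fix GHSA-w48q-cv73-mx4w: force every (presumably transitive) @modelcontextprotocol/sdk to a patched release via yarn resolutions`. Note that `.resolutions += $resolutions` silently replaces an existing resolution for the same package if upstream already declares one. The enclosing `runs: |` block starts and ends outside the hunk.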
diff --git a/opensearch-dashboards-3/CVE-2025-9287-fix.patch b/opensearch-dashboards-3/CVE-2025-9287-fix.patch deleted file mode 100644 index 55402043763..00000000000 --- a/opensearch-dashboards-3/CVE-2025-9287-fix.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 492f1709325acba7ae076f68cfbbf28ccfe754dd Mon Sep 17 00:00:00 2001 -From: Suchit Sahoo <38322563+LDrago27@users.noreply.github.com> -Date: Fri, 22 Aug 2025 17:31:38 -0700 -Subject: [PATCH] Fix GHSA-cpq7-6gpm-g9rc by bumping cipher-base,sha.js - (#10442) - ---- - changelogs/fragments/10442.yml | 2 ++ - package.json | 2 ++ - yarn.lock | 22 +++++++--------------- - 3 files changed, 11 insertions(+), 15 deletions(-) - create mode 100644 changelogs/fragments/10442.yml - -diff --git a/changelogs/fragments/10442.yml b/changelogs/fragments/10442.yml -new file mode 100644 -index 00000000000..2c07b362a0a ---- /dev/null -+++ b/changelogs/fragments/10442.yml -@@ -0,0 +1,2 @@ -+security: -+- Fix GHSA-cpq7-6gpm-g9rc by bumping cipher-base,sha.js ([#10442](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/10442)) -\ No newline at end of file -diff --git a/package.json b/package.json -index 04fcc18e33a..f0d61143a6b 100644 ---- a/package.json -+++ b/package.json -@@ -127,6 +127,8 @@ - "**/@babel/runtime-corejs3": "^7.27.0", - "**/@babel/traverse": "^7.27.0", - "**/@cypress/request": "^3.0.0", -+ "**/cipher-base": "^1.0.5", -+ "**/sha.js": "^2.4.12", - "**/@types/node": "~20.10.5", - "**/ansi-regex": "^5.0.1", - "**/async": "^3.2.3",