diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 578d5fcb5e..0eeece0969 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -44,6 +44,9 @@ Fixed
 * Update importlib-metadata from 3.10.1 to 4.8.3 for py3.6 and to 4.10.1 for py3.8 (security). #6072
   Contributed by @jk464
 
+* Update requests from 2.25.1 to 2.27.1 for py3.6 and to 2.31.0 for py3.8 (security). #6062
+  Contributed by @jk464
+
 Added
 ~~~~~
 * Move `git clone` to `user_home/.st2packs` #5845
diff --git a/fixed-requirements.txt b/fixed-requirements.txt
index 21f93c6f91..cba3b8718e 100644
--- a/fixed-requirements.txt
+++ b/fixed-requirements.txt
@@ -54,7 +54,9 @@ pytz==2021.1
 pywinrm==0.4.1
 pyyaml==5.4.1
 redis==4.1.4
-requests[security]==2.25.1
+# Note: installs requests[security]==2.31.0 (security fixed) under py3.8 and requests[security]==2.27.1 (latest available, vulnerable) under py3.6
+# TODO: Pin explicitly after dropping python3.6 support
+requests[security]>=2.27.1,<=2.31.0
 retrying==1.3.3
 routes==2.4.1
 semver==2.13.0
diff --git a/lockfiles/st2.lock b/lockfiles/st2.lock
index 1d97f6325d..8e0cae8e97 100644
--- a/lockfiles/st2.lock
+++ b/lockfiles/st2.lock
@@ -4009,7 +4009,7 @@
       "artifacts": [
         {
           "algorithm": "sha256",
-          "hash": "c521a3dfc6948a6a57da4dcaa48e0b3390fadcf00d36e3948510cd1c32a10d96",
+          "hash": "29c6ff480b24e4bc316ed69eac5503c71f4700ed17649ae5c5ca8cd745e5852f",
           "url": "git+https://github.com/StackStorm/st2-auth-ldap.git@master"
         }
       ],
diff --git a/requirements.txt b/requirements.txt
index b0b44eda39..731002457b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -60,7 +60,7 @@ pywinrm==0.4.1
 pyyaml==5.4.1
 redis==4.1.4
 rednose
-requests[security]==2.25.1
+requests[security]>=2.27.1,<=2.31.0
 retrying==1.3.3
 routes==2.4.1
 semver==2.13.0
diff --git a/st2actions/requirements.txt b/st2actions/requirements.txt
index bdfe4e8b1c..ffcb935e23 100644
--- a/st2actions/requirements.txt
+++ b/st2actions/requirements.txt
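Review bot: The new range `requests[security]>=2.27.1,<=2.31.0` in fixed-requirements.txt leaves the installed version to the resolver, so the Note comment's claim that py3.8 gets 2.31.0 only holds while nothing else in the environment constrains requests lower, and the `<=2.31.0` upper bound means any later requests security release needs another manual bump in all five files (fixed-requirements.txt, requirements.txt, st2actions/requirements.txt, st2client/requirements.txt, st2common/requirements.txt). The rationale for deliberately accepting the still-vulnerable 2.27.1 on py3.6 lives only in fixed-requirements.txt; if the other four files are not regenerated from it, a one-line pointer such as `# requests range: see fixed-requirements.txt (py3.6 cannot take 2.31.0)` keeps the exception from being collapsed back into a single pin later. The lockfiles/st2.lock hunk in this diff only changes the st2-auth-ldap artifact hash, so unless the lock's requests entry is updated elsewhere the locked install is unaffected by these range changes and should be verified. The TODO would be easier to track if it named the issue for dropping py3.6, e.g. `# TODO(<py36-drop-issue>): pin requests explicitly after dropping python3.6 support`.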
@@ -21,5 +21,5 @@ pyparsing<3
 python-dateutil==2.8.1
 python-json-logger
 pyyaml==5.4.1
-requests[security]==2.25.1
+requests[security]>=2.27.1,<=2.31.0
 six==1.13.0
diff --git a/st2client/requirements.txt b/st2client/requirements.txt
index e4656b91d8..3fda16e0c1 100644
--- a/st2client/requirements.txt
+++ b/st2client/requirements.txt
@@ -21,7 +21,7 @@ python-dateutil==2.8.1
 python-editor==1.0.4
 pytz==2021.1
 pyyaml==5.4.1
-requests[security]==2.25.1
+requests[security]>=2.27.1,<=2.31.0
 six==1.13.0
 sseclient-py==1.7
 typing-extensions<4.2
diff --git a/st2common/requirements.txt b/st2common/requirements.txt
index 575b251177..64c13c68aa 100644
--- a/st2common/requirements.txt
+++ b/st2common/requirements.txt
@@ -36,7 +36,7 @@ python-dateutil==2.8.1
 python-statsd==2.1.0
 pyyaml==5.4.1
 redis==4.1.4
-requests[security]==2.25.1
+requests[security]>=2.27.1,<=2.31.0
 retrying==1.3.3
 routes==2.4.1
 semver==2.13.0