diff --git a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
index b99839226c5..3fc132eb301 100644
--- a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql	
+++ b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql	
@@ -4,7 +4,7 @@
  *              and cause a denial of service.
  * @kind path-problem
  * @problem.severity error
- * @security-severity 9.3
+ * @security-severity 7.3
  * @precision high
  * @id cs/uncontrolled-format-string
  * @tags security
diff --git a/csharp/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md b/csharp/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md
new file mode 100644
index 00000000000..60006391ac6
--- /dev/null
+++ b/csharp/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md
@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Adjusts the `@security-severity` from 9.3 to 7.3 for `cs/uncontrolled-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.
diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
index fc5af977a33..ffb191327a2 100644
--- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
+++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
@@ -3,7 +3,7 @@
  * @description Using external input in format strings can lead to exceptions or information leaks.
  * @kind path-problem
  * @problem.severity error
- * @security-severity 9.3
+ * @security-severity 7.3
  * @precision high
  * @id java/tainted-format-string
  * @tags security
diff --git a/java/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md b/java/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md
new file mode 100644
index 00000000000..6ab4beb7290
--- /dev/null
+++ b/java/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md
@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Adjusts the `@security-severity` from 9.3 to 7.3 for `java/tainted-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.
diff --git a/swift/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md b/swift/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md
new file mode 100644
index 00000000000..43be14dc8eb
--- /dev/null
+++ b/swift/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md
@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Adjusts the `@security-severity` from 9.3 to 7.3 for `swift/uncontrolled-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.
\ No newline at end of file
diff --git a/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql b/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
index 7f6ea32341b..4376f0f4c0f 100644
--- a/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
+++ b/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
@@ -3,7 +3,7 @@
  * @description Using external input in format strings can lead to exceptions or information leaks.
  * @kind path-problem
  * @problem.severity error
- * @security-severity 9.3
+ * @security-severity 7.3
  * @precision high
  * @id swift/uncontrolled-format-string
  * @tags security