diff --git a/.github/workflows/gradle-goal/action.yml b/.github/workflows/gradle-goal/action.yml
index 16f9f524..1c460ab0 100644
--- a/.github/workflows/gradle-goal/action.yml
+++ b/.github/workflows/gradle-goal/action.yml
@@ -28,7 +28,8 @@ runs:
       with:
         java-version-file: ${{ inputs.java-version-file }}
         distribution: ${{ inputs.distribution }}
-        cache: 'gradle'
+        # NOTE: disable the cache poisoning vector attack
+        # cache: 'gradle'
     - run: "${COMMAND}"
       shell: ${{ inputs.shell }}
       env:
diff --git a/.github/workflows/release-step-3.yml b/.github/workflows/release-step-3.yml
index 1bc0155e..6fadfea1 100644
--- a/.github/workflows/release-step-3.yml
+++ b/.github/workflows/release-step-3.yml
@@ -147,6 +147,9 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        with:
+          # NOTE: disable the cache poisoning vector attack
+          cache-binary: false
 
       - name: Log in to the Elastic Container registry
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0