diff --git a/micropython b/micropython
index 209a792..a2de50f 160000
--- a/micropython
+++ b/micropython
@@ -1 +1 @@
-Subproject commit 209a792453ad8eb2182a6f77db733048152ea3d5c8650015a37e4f2c12f9d7fe
+Subproject commit a2de50f788d6e3110ac57e439bca1ae23ab586d4115f671204c60ed759c6efd8
diff --git a/patchinfo.20251027103924170417.187004354831441/_patchinfo b/patchinfo.20251027103924170417.187004354831441/_patchinfo
new file mode 100644
index 0000000..4404321
--- /dev/null
+++ b/patchinfo.20251027103924170417.187004354831441/_patchinfo
@@ -0,0 +1,27 @@
+<patchinfo>
+  <issue tracker="cve" id="2025-59438">VUL-0: CVE-2025-59438: TRACKERBUG: mbedtls: padding oracle attack possible through timing of cipher error reporting</issue>
+  <packager>dheidler</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for micropython</summary>
+  <description>This update for micropython fixes the following issues:
+
+Changes in micropython:
+
+- Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438
+
+Version 1.26.0:
+
+  * Added machine.I2CTarget for creating I2C target devices on multiple ports.
+  * New MCU support: STM32N6xx (800 MHz, ML accel) &amp; ESP32-C2 (WiFi + BLE).
+  * Major float accuracy boost (~28% → ~98%), constant folding in compiler.
+  * Optimized native/Viper emitters; reduced heap use for slices.
+  * Time functions standardized (1970–2099); new boards across ESP32, SAMD, STM32, Zephyr.
+  * ESP32: ESP-IDF 5.4.2, flash auto-detect, PCNT class, LAN8670 PHY.
+  * RP2: compressed errors, better lightsleep, hard IRQ timers.
+  * Zephyr v4.0.0: PWM, SoftI2C/SPI, BLE runtime services, boot.py/main.py support.
+  * mpremote adds fs tree, improved df, portable config paths.
+  * Updated lwIP, LittleFS, libhydrogen, stm32lib; expanded hardware/CI tests.
+</description>
+  <package>micropython</package>
+</patchinfo>