diff --git a/src/debugpy/_vendored/pydevd/_pydevd_sys_monitoring/_pydevd_sys_monitoring_cython.c b/src/debugpy/_vendored/pydevd/_pydevd_sys_monitoring/_pydevd_sys_monitoring_cython.c
index 389088c2..fd61882a 100644
--- a/src/debugpy/_vendored/pydevd/_pydevd_sys_monitoring/_pydevd_sys_monitoring_cython.c
+++ b/src/debugpy/_vendored/pydevd/_pydevd_sys_monitoring/_pydevd_sys_monitoring_cython.c
@@ -38185,7 +38185,7 @@ static PyObject* __Pyx_PyUnicode_Join(PyObject** values, Py_ssize_t value_count,
 ukind = __Pyx_PyUnicode_KIND(uval);
 udata = __Pyx_PyUnicode_DATA(uval);
 if (ukind == result_ukind) {
- memcpy((char *)result_udata + (char_pos << kind_shift), udata, (size_t) (ulength << kind_shift));
+ memcpy((char *)result_udata + (char_pos << kind_shift), udata, (size_t) (ulength << kind_shift)); /* Flawfinder: ignore */
 } else {
 #if PY_VERSION_HEX >= 0x030d0000
 if (unlikely(PyUnicode_CopyCharacters(result_uval, char_pos, uval, 0, ulength) < 0)) goto bad;
diff --git a/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py b/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py
index fdaf87ec..18f537a6 100644
--- a/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py
+++ b/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py
@@ -177,6 +177,17 @@ def build_extension(dir_name, extension_name, target_pydevd_name, force_cython, c_file_contents = c_file_contents.replace(r"_pydevd_bundle\\pydevd_cython.pxd", "_pydevd_bundle/pydevd_cython.pxd") c_file_contents = c_file_contents.replace(r"_pydevd_bundle\\pydevd_cython.pyx", "_pydevd_bundle/pydevd_cython.pyx") + # Suppress Flawfinder false positive (CWE-120) in the Cython 3.x + # `__Pyx_PyUnicode_Join` boilerplate: the destination `result_uval` was just + # allocated via `PyUnicode_New(result_ulength, max_char)`, and the immediately + # preceding `(PY_SSIZE_T_MAX >> kind_shift) - ulength < char_pos` check guards + # against char_pos+ulength overflow before the memcpy. The size argument is + # `ulength << kind_shift` which is bounded by the pre-allocated buffer length. + c_file_contents = c_file_contents.replace( + " memcpy((char *)result_udata + (char_pos << kind_shift), udata, (size_t) (ulength << kind_shift));\n", + " memcpy((char *)result_udata + (char_pos << kind_shift), udata, (size_t) (ulength << kind_shift)); /* Flawfinder: ignore */\n", + ) + # Suppress Flawfinder false positive (CWE-120) in the Cython 3.x # CIntToPyUnicode boilerplate (`__Pyx____Pyx_PyUnicode_From_int`): the destination # `dpos` is a stack buffer of size `sizeof(int)*3+2`, and `dpos -= 2` immediately
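Review bot: The new `c_file_contents.replace(...)` call is a silent no-op whenever the generated `memcpy` line does not match byte-for-byte (different Cython release, different indentation, or a typo between the two long literals), so the `/* Flawfinder: ignore */` marker would quietly stop being applied and the scanner would start flagging the line again with no hint from the build. Bind the line once and derive the replacement from it, e.g. `memcpy_line = "<indent>memcpy((char *)result_udata + (char_pos << kind_shift), udata, (size_t) (ulength << kind_shift));"` (with the exact leading whitespace of the generated file) followed by `c_file_contents = c_file_contents.replace(memcpy_line + "\n", memcpy_line + " /* Flawfinder: ignore */\n")`, so the search and replacement strings cannot drift apart. Consider also checking `memcpy_line in c_file_contents` before the replace and printing a warning when it is absent (a hard error would break builds on Cython versions that do not emit `__Pyx_PyUnicode_Join`), so a stale suppression is noticed rather than discovered by a failing scan. The justification comment cites guard checks in Cython's generated code that are not part of this hunk; it would help to note in the comment which Cython version the wording was verified against, since the suppression is only as good as that inspection. `build_extension` starts before this hunk and its body continues after it.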