diff --git a/.github/trivyignores/spark-runtime-3.4_2.12.trivyignore b/.github/trivyignores/spark-runtime-3.4_2.12.trivyignore
new file mode 100644
index 000000000000..c6ba9b180693
--- /dev/null
+++ b/.github/trivyignores/spark-runtime-3.4_2.12.trivyignore
@@ -0,0 +1,29 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# CVE ignore list for spark-runtime-3.4_2.12.
+#
+# Each entry: CVE ID, optional expiry (`exp:YYYY-MM-DD`), and rationale.
+# Format reference: https://aquasecurity.github.io/trivy/latest/docs/configuration/filtering/#trivyignore
+
+# CVE-2025-52999 — jackson-core 2.14.2 StackoverflowError on deeply-nested input.
+# Pinned by Spark 3.4 runtime compatibility (Spark 3.4 ships jackson 2.14).
+# Spark 3.4 support is being removed from Iceberg in the near term; track the
+# removal and drop this file when the spark-runtime-3.4 module goes away.
+CVE-2025-52999
diff --git a/.github/workflows/cve-scan.yml b/.github/workflows/cve-scan.yml
index a255104013d2..533639aa2bee 100644
--- a/.github/workflows/cve-scan.yml
+++ b/.github/workflows/cve-scan.yml
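Review bot: The `CVE-2025-52999` entry carries no `exp:` date even though the header three lines above describes expiry as part of each entry, so the suppression will silently outlive the Spark 3.4 removal it is tied to if that removal slips. Adding an expiry, e.g. `CVE-2025-52999 exp:YYYY-MM-DD` with the planned removal date filled in, makes the scan start failing again on its own instead of relying on someone remembering to delete this file. It is also worth stating in the rationale that the plain .trivyignore format matches on CVE ID alone, so the entry masks this CVE for every jar in the spark-runtime-3.4 scan path, not only jackson-core.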
@@ -27,22 +27,27 @@ on:
- '2.*'
tags:
- 'apache-iceberg-**'
+ pull_request:
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: false
+ cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
# ------------------------------------------------------------------
# Trivy CVE scan — scans bundled jars for known vulnerabilities.
#
- # Runs on push to main/release branches only (not PRs). Results are
- # uploaded as SARIF to the GitHub Security tab for ongoing tracking.
- # The scan is informational and does not block the build.
+ # Behaviour:
+ # - On PRs: the scan blocks CI if CVEs are found (exit-code 1).
+ # SARIF upload is skipped because GitHub's Security tab only
+ # accepts results from default/protected branches.
+ # - On push to main/release branches: the scan is informational
+ # (exit-code 0) and results are uploaded as SARIF to the GitHub
+ # Security tab for ongoing tracking.
# ------------------------------------------------------------------
cve-scan:
runs-on: ubuntu-24.04
@@ -77,6 +82,7 @@ jobs:
:iceberg-spark:iceberg-spark-runtime-3.4_2.12:shadowJar
scan-path: spark/v3.4/spark-runtime/build/libs
unpack: false
+ trivyignores: .github/trivyignores/spark-runtime-3.4_2.12.trivyignore
- distribution: spark-runtime-3.5_2.12
build-task: >-
-DsparkVersions=3.5
@@ -126,7 +132,7 @@ jobs:
with:
distribution: zulu
java-version: 21
- uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2 # zizmor: ignore[cache-poisoning] -- cache writes are restricted to the default branch by setup-gradle
+ - uses: gradle/actions/setup-gradle@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2
- name: Build ${{ matrix.distribution }}
run: |
./gradlew -DsparkVersions= -DflinkVersions= \
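Review bot: The new header comment documents the PR-blocking behaviour but not the remediation path, which is what a contributor hitting a red check will look for; add a line such as `# A failing PR scan is fixed by upgrading the affected dependency or, when that is blocked, by adding an entry with rationale and an expiry to .github/trivyignores/.` The sentence `SARIF upload is skipped because GitHub's Security tab only accepts results from default/protected branches` also reads as a simplification: as far as I know code scanning does accept SARIF from pull_request runs and surfaces the alerts on the PR, and the practical blocker is that PRs from forks run with a read-only token lacking `security-events: write`; if that is the real reason, the comment should say so. Finally, `pull_request:` has no `paths` filter, so every PR now runs the full multi-distribution build and scan — presumably intended, but worth stating in the comment.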
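Review bot: The `# zizmor: ignore[cache-poisoning]` suppression is dropped from the setup-gradle step with no accompanying change to how caching is configured, and the workflow still runs on `apache-iceberg-**` tags, which as far as I recall is exactly what that audit keys on; unless zizmor no longer reports this step, the finding will reappear. If the suppression was removed because its rationale no longer holds — for example if PR-triggered runs are now expected to write the Gradle cache — that is the exposure the old note ruled out, since a PR could then seed cache entries later consumed by a tag build. Either keep the line as `# zizmor: ignore[cache-poisoning] -- cache writes are restricted to the default branch by setup-gradle`, or replace it with a short comment on why the suppression is no longer needed.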
@@ -148,7 +154,9 @@ jobs:
scanners: 'vuln'
severity: 'HIGH,CRITICAL'
limit-severities-for-sarif: true
- exit-code: '0'
+ trivyignores: ${{ matrix.trivyignores || '' }}
+ # Block PRs on CVE findings; on main/release branches report without failing
+ exit-code: ${{ github.event_name == 'pull_request' && '1' || '0' }}
format: 'sarif'
output: 'trivy-results.sarif'
- name: Print Trivy scan results
@@ -161,7 +169,7 @@ jobs:
echo "No SARIF file found — scan may have failed to install."
fi
- name: Upload Trivy results to GitHub Security tab
- if: always()
+ if: always() && github.event_name == 'push'
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
with:
sarif_file: 'trivy-results.sarif'
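Review bot: `trivyignores: ${{ matrix.trivyignores || '' }}` is applied on every event, so the suppressed CVE is also filtered out of the push-to-main scan whose SARIF feeds the Security tab — the "ongoing tracking" the header comment promises is lost for precisely the CVEs the project has decided to live with. If the ignore file is meant only to keep PRs green, scope it to that event: `trivyignores: ${{ github.event_name == 'pull_request' && matrix.trivyignores || '' }}`, which still yields an empty string for matrix entries without an ignore file. The `exit-code` ternary is safe as written because `'1'` is a non-empty string and therefore truthy in the `&& ||` idiom. Note that with exit-code 1 the Trivy step now fails on PRs, so the `Print Trivy scan results` step that follows only runs if it carries an `if: always()` (or `!cancelled()`) condition; that condition lies outside this hunk and is worth confirming.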