diff --git a/CHANGELOG.md b/CHANGELOG.md
index d016b4fed..a82ecdbfd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 ## [UNRELEASED]
 
 - Added an experimental change which, when running a Code Scanning analysis for a PR with [improved incremental analysis](https://github.com/github/roadmap/issues/1158) enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. [#3880](https://github.com/github/codeql-action/pull/3880)
+- _Breaking change_: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://github.com/github/codeql-action/pull/3894)
 
 ## 4.35.4 - 07 May 2026
 
diff --git a/README.md b/README.md
index bee9072a0..530c028f9 100644
--- a/README.md
+++ b/README.md
@@ -78,8 +78,6 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n
 | `v3.28.21` | `2.21.3` | Enterprise Server 3.18 | |
 | `v3.28.12` | `2.20.7` | Enterprise Server 3.17 | |
 | `v3.28.6` | `2.20.3` | Enterprise Server 3.16 | |
-| `v3.28.6` | `2.20.3` | Enterprise Server 3.15 | |
-| `v3.28.6` | `2.20.3` | Enterprise Server 3.14 | |
 
 See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).
 
diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js
index 379439ac9..2e876c86c 100644
--- a/lib/analyze-action-post.js
+++ b/lib/analyze-action-post.js
@@ -126877,7 +126877,7 @@ function getDiffRangesJsonFilePath() {
   return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 function getWorkflowEventName() {
   return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -128089,7 +128089,7 @@ async function shouldEnableIndirectTracing(codeql, config) {
 
 // src/codeql.ts
 var cachedCodeQL = void 0;
-var CODEQL_MINIMUM_VERSION = "2.17.6";
+var CODEQL_MINIMUM_VERSION = "2.19.4";
 var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
 var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
 var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
diff --git a/lib/analyze-action.js b/lib/analyze-action.js
index 446472b87..c496c4aca 100644
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -88803,7 +88803,7 @@ function getDiffRangesJsonFilePath() {
   return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 function getWorkflowEventName() {
   return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -92210,7 +92210,7 @@ async function endTracingForCluster(codeql, config, logger) {
 
 // src/codeql.ts
 var cachedCodeQL = void 0;
-var CODEQL_MINIMUM_VERSION = "2.17.6";
+var CODEQL_MINIMUM_VERSION = "2.19.4";
 var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
 var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
 var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js
index e03e79d14..62f1100d6 100644
--- a/lib/autobuild-action.js
+++ b/lib/autobuild-action.js
@@ -85608,7 +85608,7 @@ function getDiffRangesJsonFilePath() {
   return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 function getWorkflowEventName() {
   return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -87263,7 +87263,7 @@ async function endTracingForCluster(codeql, config, logger) {
 
 // src/codeql.ts
 var cachedCodeQL = void 0;
-var CODEQL_MINIMUM_VERSION = "2.17.6";
+var CODEQL_MINIMUM_VERSION = "2.19.4";
 var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
 var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
 var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
diff --git a/lib/init-action-post.js b/lib/init-action-post.js
index 8e12e0ec6..71f6e4772 100644
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -129987,7 +129987,7 @@ function getDiffRangesJsonFilePath() {
   return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 function getWorkflowEventName() {
   return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -133148,7 +133148,7 @@ async function shouldEnableIndirectTracing(codeql, config) {
 
 // src/codeql.ts
 var cachedCodeQL = void 0;
-var CODEQL_MINIMUM_VERSION = "2.17.6";
+var CODEQL_MINIMUM_VERSION = "2.19.4";
 var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
 var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
 var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
diff --git a/lib/init-action.js b/lib/init-action.js
index 7b21c181c..f24f6c2f2 100644
--- a/lib/init-action.js
+++ b/lib/init-action.js
@@ -86162,7 +86162,7 @@ function getDiffRangesJsonFilePath() {
   return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 function getWorkflowEventName() {
   return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -91128,7 +91128,7 @@ async function getCombinedTracerConfig(codeql, config) {
 
 // src/codeql.ts
 var cachedCodeQL = void 0;
-var CODEQL_MINIMUM_VERSION = "2.17.6";
+var CODEQL_MINIMUM_VERSION = "2.19.4";
 var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
 var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
 var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js
index 5e318a9d8..83a920843 100644
--- a/lib/resolve-environment-action.js
+++ b/lib/resolve-environment-action.js
@@ -85616,7 +85616,7 @@ function getDiffRangesJsonFilePath() {
   return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 function getWorkflowEventName() {
   return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -86895,7 +86895,7 @@ async function shouldEnableIndirectTracing(codeql, config) {
 
 // src/codeql.ts
 var cachedCodeQL = void 0;
-var CODEQL_MINIMUM_VERSION = "2.17.6";
+var CODEQL_MINIMUM_VERSION = "2.19.4";
 var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
 var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
 var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js
index d3a585c78..74be78daf 100644
--- a/lib/setup-codeql-action.js
+++ b/lib/setup-codeql-action.js
@@ -85709,7 +85709,7 @@ function getDiffRangesJsonFilePath() {
   return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 function getWorkflowEventName() {
   return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -88602,7 +88602,7 @@ async function shouldEnableIndirectTracing(codeql, config) {
 
 // src/codeql.ts
 var cachedCodeQL = void 0;
-var CODEQL_MINIMUM_VERSION = "2.17.6";
+var CODEQL_MINIMUM_VERSION = "2.19.4";
 var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
 var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
 var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js
index 5e67aaa28..489590c29 100644
--- a/lib/start-proxy-action-post.js
+++ b/lib/start-proxy-action-post.js
@@ -126824,7 +126824,7 @@ function getTemporaryDirectory() {
   return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP");
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 var persistedInputsKey = "persisted_inputs";
 var restoreInputs = function() {
diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js
index ee67ed723..e53cbd41f 100644
--- a/lib/start-proxy-action.js
+++ b/lib/start-proxy-action.js
@@ -102813,7 +102813,7 @@ function getTemporaryDirectory() {
   return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP");
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 function getWorkflowEventName() {
   return getRequiredEnvParam("GITHUB_EVENT_NAME");
diff --git a/lib/upload-lib.js b/lib/upload-lib.js
index b649b5672..16d1d4e48 100644
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -88509,7 +88509,7 @@ function getDiffRangesJsonFilePath() {
   return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 function getWorkflowEventName() {
   return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -91209,7 +91209,7 @@ async function shouldEnableIndirectTracing(codeql, config) {
 
 // src/codeql.ts
 var cachedCodeQL = void 0;
-var CODEQL_MINIMUM_VERSION = "2.17.6";
+var CODEQL_MINIMUM_VERSION = "2.19.4";
 var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
 var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
 var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js
index dfafe6501..cfb7d1e31 100644
--- a/lib/upload-sarif-action-post.js
+++ b/lib/upload-sarif-action-post.js
@@ -126824,7 +126824,7 @@ function getTemporaryDirectory() {
   return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP");
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 var persistedInputsKey = "persisted_inputs";
 var restoreInputs = function() {
diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js
index 522ab1aba..4e2f843bb 100644
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@@ -88537,7 +88537,7 @@ function getDiffRangesJsonFilePath() {
   return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME);
 }
 function getActionVersion() {
-  return "4.35.5";
+  return "4.36.0";
 }
 function getWorkflowEventName() {
   return getRequiredEnvParam("GITHUB_EVENT_NAME");
@@ -91880,7 +91880,7 @@ async function shouldEnableIndirectTracing(codeql, config) {
 
 // src/codeql.ts
 var cachedCodeQL = void 0;
-var CODEQL_MINIMUM_VERSION = "2.17.6";
+var CODEQL_MINIMUM_VERSION = "2.19.4";
 var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
 var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
 var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
diff --git a/package-lock.json b/package-lock.json
index 638458e32..38d023c62 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "4.35.5",
+  "version": "4.36.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "4.35.5",
+      "version": "4.36.0",
       "license": "MIT",
       "workspaces": [
         "pr-checks"
diff --git a/package.json b/package.json
index e40fedf97..b281b88b4 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "4.35.5",
+  "version": "4.36.0",
   "private": true,
   "description": "CodeQL action",
   "scripts": {
diff --git a/src/codeql.ts b/src/codeql.ts
index 66ed8cebe..38383c35b 100644
--- a/src/codeql.ts
+++ b/src/codeql.ts
@@ -277,7 +277,7 @@ let cachedCodeQL: CodeQL | undefined = undefined;
  * The version flags below can be used to conditionally enable certain features
  * on versions newer than this.
  */
-const CODEQL_MINIMUM_VERSION = "2.17.6";
+const CODEQL_MINIMUM_VERSION = "2.19.4";
 
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.