diff --git a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
index b99839226c59..3fc132eb3016 100644
--- a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql	
+++ b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql	
@@ -4,7 +4,7 @@
  *              and cause a denial of service.
  * @kind path-problem
  * @problem.severity error
- * @security-severity 9.3
+ * @security-severity 7.3
  * @precision high
  * @id cs/uncontrolled-format-string
  * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
index fc5af977a331..ffb191327a2b 100644
--- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
+++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
@@ -3,7 +3,7 @@
  * @description Using external input in format strings can lead to exceptions or information leaks.
  * @kind path-problem
  * @problem.severity error
- * @security-severity 9.3
+ * @security-severity 7.3
  * @precision high
  * @id java/tainted-format-string
  * @tags security
diff --git a/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql b/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
index 7f6ea32341b2..4376f0f4c0f3 100644
--- a/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
+++ b/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
@@ -3,7 +3,7 @@
  * @description Using external input in format strings can lead to exceptions or information leaks.
  * @kind path-problem
  * @problem.severity error
- * @security-severity 9.3
+ * @security-severity 7.3
  * @precision high
  * @id swift/uncontrolled-format-string
  * @tags security