I see https://github.com/rancher/rancher/pull/40954 resolves a "high severity" security issue in a dependency, is there a way to get this addressed quicker (not sure who to mention on this issue)?

The teams are currently finalizing the 2.7.2 release. Everything going into that release has been locked in for well over a month at this point. I imagine this will get picked up after the release is done.

Thanks for your response! I understand, that you want to ship it. I wonder if the release process has a step address open security vulnerabilities?

Speaking generally - not during release, no. That would be way too late. That happens during planning for next cycle. If there is something critical there will be a very short unplanned cycle of planning followed by release.