diff --git a/CHANGELOG.md b/CHANGELOG.md
index e1db375..f40aa83 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@
 
 ## [Unreleased]
 
+### Fixed
+
+- Pin Marketplace ZIP Signer to `0.1.43` so `signPlugin` is deterministically resolvable and no longer fails with "No Marketplace ZIP Signer executable found" on a stale Gradle cache in the nightly/release workflows
+
 ## [261.19017.1] - 2026-04-28
 
 ### Added
diff --git a/build.gradle.kts b/build.gradle.kts
index b5ecaf6..7740235 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -65,7 +65,12 @@ dependencies {
         bundledPlugin("com.intellij.modules.json")
 
         pluginVerifier()
-        zipSigner()
+        // Pin the Marketplace ZIP Signer version so the signing dependency is always
+        // deterministically resolvable. Without a version, a stale Gradle cache restored
+        // by gradle/actions (e.g. saved by a non-signing build.yml run) can leave the
+        // signing configuration empty, causing signPlugin to fail with
+        // "No Marketplace ZIP Signer executable found" in the nightly/release workflows.
+        zipSigner("0.1.43")
 
         testFramework(TestFrameworkType.Platform)
         testFramework(TestFrameworkType.Plugin.Java)