diff --git a/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md b/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md
new file mode 100644
index 000000000000..45b898b6b2a6
--- /dev/null
+++ b/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Fields of certain objects are considered tainted if the object is tainted. This holds, for example, for objects that occur directly as sources in the active threat model (for instance, a remote flow source). This has now been amended to also include array types, such that if an array like `MyPojo[]` is a source, then fields of a tainted `MyPojo` are now also considered tainted.
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
index b5e7fd53c9fd..5f1d6b66af56 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -655,6 +655,8 @@ private SrcRefType entrypointType() {
 )
 or
 result = entrypointType().getAField().getType().(RefType).getSourceDeclaration()
+ or
+ result = entrypointType().(Array).getElementType().(RefType).getSourceDeclaration()
 }
 
 private predicate entrypointFieldStep(DataFlow::Node src, DataFlow::Node sink) {
diff --git a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java
index 983cb72ffb26..52d26974373d 100644
--- a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java
+++ b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java
@@ -41,6 +41,10 @@ class UnrelatedObject {
 public String safeField;
 }
 
+ static class ArrayElemObject {
+ public String field;
+ }
+
 private static void sink(String sink) {}
 
 public static void test(TestObject source) {
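Review bot: The new disjunct `result = entrypointType().(Array).getElementType().(RefType).getSourceDeclaration()` is undocumented, and the QLDoc of `entrypointType()` (the predicate starts outside the hunk) should now say that the element type of an entrypoint array is itself an entrypoint type, e.g. `Also includes the element type of any array among the entrypoint types, so that fields of a tainted element are tainted.` Nested arrays such as `MyPojo[][]` appear to be reached only through the recursion on `entrypointType()`, one dimension per step, which is worth stating in that comment so the one-level `getElementType()` is not mistaken for an omission. The `(RefType)` cast silently drops primitive-element arrays; since every type added here widens what `entrypointFieldStep` treats as tainted, recording both the exclusion and the widening in the comment helps whoever reviews later threat-model changes.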
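Review bot: The new fixture `ArrayElemObject` has no comment tying it to the test it serves, while the neighbouring `UnrelatedObject.safeField` is self-explanatory as a negative case; a one-liner such as `// Element type of the array source in testArray; a read of field through a tainted element must be reported.` would make the expectation explicit. Consider also giving it a second field that is only ever read from an untainted array, mirroring `safeField`, so a sibling negative test can show the widened entrypoint set does not over-report. Whether the class should be `static` like its siblings cannot be checked from the hunk, since the indentation of `class UnrelatedObject {` in the header has been lost.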
@@ -70,4 +74,8 @@ public static void testSubtype(ParameterizedTestObject source) {
 UnrelatedObject unrelated = (UnrelatedObject) subtypeSource.getField8();
 sink(unrelated.safeField); // Safe
 }
+
+ public static void testArray(ArrayElemObject[] source) {
+ sink(source[0].field); // $hasTaintFlow
+ }
 }
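Review bot: `testArray` pins only a one-dimensional source array; the QL change recurses through `entrypointType()`, so `ArrayElemObject[][]` should be covered too, but nothing here asserts it, nor the case where the array is a field of an existing entrypoint object rather than the source itself. Assuming the test query treats these method parameters as sources, as `testSubtype` suggests, adding `public static void testNestedArray(ArrayElemObject[][] source) {` / `sink(source[0][0].field); // $hasTaintFlow` / `}` covers the first; the second needs an array-typed field on `TestObject`, which is declared outside this hunk. A negative companion (an array that is not a source, read the same way) would guard against the broadened entrypoint set producing false positives. The enclosing class closes at the hunk's final `}`; `testSubtype` begins outside the hunk.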