Kubernetes will correct older unfixed CVE records on June 1, 2026. Use this checklist to triage scanner alerts without mistaking configuration risks for simple patch gaps.
Patch Kubernetes SMB CSI Driver CVE-2026-3865 to v1.20.1+, restrict PersistentVolume creation, review SMB exports, and verify backups.
Patch ingress-nginx CVE-2026-4342, review Kubernetes Ingress permissions, protect Secrets, and plan migration away from retired ingress-nginx.
Patch Apache Flink CVE-2026-35194 by upgrading to fixed Flink releases, restricting query submission, and reviewing recent cluster job activity.
Broadcom TNZ-2026-0278 fixes 10 CVEs in VMware Tanzu RabbitMQ on Kubernetes. Update cluster packages and verify RabbitMQ health safely.
