
Docker SBOM Checklist for Hosting and CI Teams
Use Docker SBOMs to inventory container images, verify dependencies, connect vulnerability scanning, and prepare supply-chain reviews before production changes.

Kubernetes 1.33 reaches end of life on June 28, 2026. Plan the upgrade path, confirm version skew, drain nodes safely, check add-ons, and verify workloads.

CISA added Linux kernel CVE-2022-0492 to KEV on June 2, 2026. Patch and reboot container hosts, shared hosting nodes, CI runners, and Linux servers that run untrusted workloads.

Kubernetes will correct older unfixed CVE records on June 1, 2026. Use this checklist to triage scanner alerts without mistaking configuration risks for simple patch gaps.

DirtyDecrypt CVE-2026-31635 Linux kernel patch guide for hosting, container, and admin fleets with RxRPC/RxGK exposure checks.

Update Caddy to 2.11.3 or later for CVE-2026-45135, then review PHP-FPM routing, upload paths, logs, and writable web directories.

Patch Kubernetes SMB CSI Driver CVE-2026-3865 to v1.20.1+, restrict PersistentVolume creation, review SMB exports, and verify backups.

Patch ingress-nginx CVE-2026-4342, review Kubernetes Ingress permissions, protect Secrets, and plan migration away from retired ingress-nginx.

Updated May 30: add CVE-2026-9256 and verify fixed NGINX 1.30.2 or 1.31.1 packages on hosting servers, CDN origins, reverse proxies, and Kubernetes workloads.

Broadcom TNZ-2026-0278 fixes 10 CVEs in VMware Tanzu RabbitMQ on Kubernetes. Update cluster packages and verify RabbitMQ health safely.