# Flatcar Container Linux Release - April 21st, 2026 ## Alpha 4669.0.0 - AMD64-usr - Platforms succeeded: all - Platforms failed: Azure (cl.internet cl.misc.nvidia ) - Platforms not tested: Digital Ocean - ARM64-usr - Platforms succeeded: all - Platforms failed: none - Platforms not tested: None ## Beta 4628.1.0 - AMD64-usr - Platforms succeeded: all - Platforms failed: Azure (cl.internet cl.misc.nvidia) - Platforms not tested: Digital Ocean - ARM64-usr - Platforms succeeded: all - Platforms failed: none - Platforms not tested: None ## Stable 4593.2.0 - AMD64-usr - Platforms succeeded: all - Platforms failed: azure (cl.internet cl.misc.nvidia) - Platforms not tested: Digital Ocean - ARM64-usr - Platforms succeeded: all - Platforms failed: none - Platforms not tested: None ## LTS 4081.3.7 - AMD64-usr - Platforms succeeded: all - Platforms failed: azure (cl.internet cl.misc.nvidia cl.network.iptables coreos.ignition.ssh.key) - Platforms not tested: Digital Ocean - ARM64-usr - Platforms succeeded: all - Platforms failed: azure (bpf.ig coreos.ignition.ssh.key) - Platforms not tested: None VERDICT: _GO_ ## Communication --- #### Guidelines / Things to Remember - Release notes are used in a PR and will appear on https://www.flatcar.org/releases/ - [Announcement Message](#Announcement-Message) is posted in [Flatcar-Linux-user](https://groups.google.com/g/flatcar-linux-user). Make sure to post as “Flatcar Container Linux User”, not with your personal user (this can be selected when drafting the post). - Make sure the the LTS is referred to as `LTS-2021`, and not `LTS-2605` --- ### Announcement Message Subject: Announcing new releases Alpha 4669.0.0, Beta 4628.1.0, Stable 4593.2.0, LTS 4081.3.7 Hello, We are pleased to announce a new Flatcar Container Linux release for the Alpha, Beta, Stable, and LTS channel. ### Alpha 4669.0.0 _Changes since **Alpha 4628.0.0**_ #### Security fixes: - Linux ([CVE-2026-31411](https://nvd.nist.gov/vuln/detail/CVE-2026-31411), [CVE-2026-23273](https://nvd.nist.gov/vuln/detail/CVE-2026-23273), [CVE-2026-23251](https://nvd.nist.gov/vuln/detail/CVE-2026-23251), [CVE-2026-23249](https://nvd.nist.gov/vuln/detail/CVE-2026-23249), [CVE-2026-23250](https://nvd.nist.gov/vuln/detail/CVE-2026-23250), [CVE-2025-71265](https://nvd.nist.gov/vuln/detail/CVE-2025-71265), [CVE-2026-23243](https://nvd.nist.gov/vuln/detail/CVE-2026-23243), [CVE-2026-23242](https://nvd.nist.gov/vuln/detail/CVE-2026-23242), [CVE-2025-71267](https://nvd.nist.gov/vuln/detail/CVE-2025-71267), [CVE-2025-71266](https://nvd.nist.gov/vuln/detail/CVE-2025-71266), [CVE-2025-71239](https://nvd.nist.gov/vuln/detail/CVE-2025-71239), [CVE-2026-23241](https://nvd.nist.gov/vuln/detail/CVE-2026-23241), [CVE-2026-23239](https://nvd.nist.gov/vuln/detail/CVE-2026-23239), [CVE-2026-23240](https://nvd.nist.gov/vuln/detail/CVE-2026-23240), [CVE-2026-23426](https://nvd.nist.gov/vuln/detail/CVE-2026-23426), [CVE-2026-23422](https://nvd.nist.gov/vuln/detail/CVE-2026-23422), [CVE-2026-23420](https://nvd.nist.gov/vuln/detail/CVE-2026-23420), [CVE-2026-23419](https://nvd.nist.gov/vuln/detail/CVE-2026-23419), [CVE-2026-23410](https://nvd.nist.gov/vuln/detail/CVE-2026-23410), [CVE-2026-23409](https://nvd.nist.gov/vuln/detail/CVE-2026-23409), [CVE-2026-23408](https://nvd.nist.gov/vuln/detail/CVE-2026-23408), [CVE-2026-23407](https://nvd.nist.gov/vuln/detail/CVE-2026-23407), [CVE-2026-23406](https://nvd.nist.gov/vuln/detail/CVE-2026-23406), [CVE-2026-23405](https://nvd.nist.gov/vuln/detail/CVE-2026-23405), [CVE-2026-23404](https://nvd.nist.gov/vuln/detail/CVE-2026-23404), [CVE-2026-23403](https://nvd.nist.gov/vuln/detail/CVE-2026-23403), [CVE-2026-23411](https://nvd.nist.gov/vuln/detail/CVE-2026-23411), [CVE-2026-23359](https://nvd.nist.gov/vuln/detail/CVE-2026-23359), [CVE-2026-23357](https://nvd.nist.gov/vuln/detail/CVE-2026-23357), [CVE-2026-23356](https://nvd.nist.gov/vuln/detail/CVE-2026-23356), [CVE-2026-23354](https://nvd.nist.gov/vuln/detail/CVE-2026-23354), [CVE-2026-23388](https://nvd.nist.gov/vuln/detail/CVE-2026-23388), [CVE-2026-23387](https://nvd.nist.gov/vuln/detail/CVE-2026-23387), [CVE-2026-23383](https://nvd.nist.gov/vuln/detail/CVE-2026-23383), [CVE-2026-23382](https://nvd.nist.gov/vuln/detail/CVE-2026-23382), [CVE-2026-23381](https://nvd.nist.gov/vuln/detail/CVE-2026-23381), [CVE-2026-23380](https://nvd.nist.gov/vuln/detail/CVE-2026-23380), [CVE-2026-23379](https://nvd.nist.gov/vuln/detail/CVE-2026-23379), [CVE-2026-23378](https://nvd.nist.gov/vuln/detail/CVE-2026-23378), [CVE-2026-23373](https://nvd.nist.gov/vuln/detail/CVE-2026-23373), [CVE-2026-23372](https://nvd.nist.gov/vuln/detail/CVE-2026-23372), [CVE-2026-23370](https://nvd.nist.gov/vuln/detail/CVE-2026-23370), [CVE-2026-23352](https://nvd.nist.gov/vuln/detail/CVE-2026-23352), [CVE-2026-23369](https://nvd.nist.gov/vuln/detail/CVE-2026-23369), [CVE-2026-23367](https://nvd.nist.gov/vuln/detail/CVE-2026-23367), [CVE-2026-23365](https://nvd.nist.gov/vuln/detail/CVE-2026-23365), [CVE-2026-23363](https://nvd.nist.gov/vuln/detail/CVE-2026-23363), [CVE-2026-23362](https://nvd.nist.gov/vuln/detail/CVE-2026-23362), [CVE-2026-23361](https://nvd.nist.gov/vuln/detail/CVE-2026-23361), [CVE-2026-23360](https://nvd.nist.gov/vuln/detail/CVE-2026-23360), [CVE-2026-23351](https://nvd.nist.gov/vuln/detail/CVE-2026-23351), [CVE-2026-23308](https://nvd.nist.gov/vuln/detail/CVE-2026-23308), [CVE-2026-23307](https://nvd.nist.gov/vuln/detail/CVE-2026-23307), [CVE-2026-23306](https://nvd.nist.gov/vuln/detail/CVE-2026-23306), [CVE-2026-23304](https://nvd.nist.gov/vuln/detail/CVE-2026-23304), [CVE-2026-23347](https://nvd.nist.gov/vuln/detail/CVE-2026-23347), [CVE-2026-23343](https://nvd.nist.gov/vuln/detail/CVE-2026-23343), [CVE-2026-23340](https://nvd.nist.gov/vuln/detail/CVE-2026-23340), [CVE-2026-23339](https://nvd.nist.gov/vuln/detail/CVE-2026-23339), [CVE-2026-23303](https://nvd.nist.gov/vuln/detail/CVE-2026-23303), [CVE-2026-23336](https://nvd.nist.gov/vuln/detail/CVE-2026-23336), [CVE-2026-23335](https://nvd.nist.gov/vuln/detail/CVE-2026-23335), [CVE-2026-23334](https://nvd.nist.gov/vuln/detail/CVE-2026-23334), [CVE-2026-23325](https://nvd.nist.gov/vuln/detail/CVE-2026-23325), [CVE-2026-23324](https://nvd.nist.gov/vuln/detail/CVE-2026-23324), [CVE-2026-23319](https://nvd.nist.gov/vuln/detail/CVE-2026-23319), [CVE-2026-23318](https://nvd.nist.gov/vuln/detail/CVE-2026-23318), [CVE-2026-23317](https://nvd.nist.gov/vuln/detail/CVE-2026-23317), [CVE-2026-23316](https://nvd.nist.gov/vuln/detail/CVE-2026-23316), [CVE-2026-23315](https://nvd.nist.gov/vuln/detail/CVE-2026-23315), [CVE-2026-23313](https://nvd.nist.gov/vuln/detail/CVE-2026-23313), [CVE-2026-23312](https://nvd.nist.gov/vuln/detail/CVE-2026-23312), [CVE-2026-23310](https://nvd.nist.gov/vuln/detail/CVE-2026-23310), [CVE-2026-23309](https://nvd.nist.gov/vuln/detail/CVE-2026-23309), [CVE-2026-23300](https://nvd.nist.gov/vuln/detail/CVE-2026-23300), [CVE-2026-23279](https://nvd.nist.gov/vuln/detail/CVE-2026-23279), [CVE-2026-23287](https://nvd.nist.gov/vuln/detail/CVE-2026-23287), [CVE-2026-23286](https://nvd.nist.gov/vuln/detail/CVE-2026-23286), [CVE-2026-23285](https://nvd.nist.gov/vuln/detail/CVE-2026-23285), [CVE-2026-23284](https://nvd.nist.gov/vuln/detail/CVE-2026-23284), [CVE-2026-23298](https://nvd.nist.gov/vuln/detail/CVE-2026-23298), [CVE-2026-23297](https://nvd.nist.gov/vuln/detail/CVE-2026-23297), [CVE-2026-23296](https://nvd.nist.gov/vuln/detail/CVE-2026-23296), [CVE-2026-23293](https://nvd.nist.gov/vuln/detail/CVE-2026-23293), [CVE-2026-23292](https://nvd.nist.gov/vuln/detail/CVE-2026-23292), [CVE-2026-23291](https://nvd.nist.gov/vuln/detail/CVE-2026-23291), [CVE-2026-23290](https://nvd.nist.gov/vuln/detail/CVE-2026-23290), [CVE-2026-23289](https://nvd.nist.gov/vuln/detail/CVE-2026-23289), [CVE-2026-23271](https://nvd.nist.gov/vuln/detail/CVE-2026-23271), [CVE-2026-23270](https://nvd.nist.gov/vuln/detail/CVE-2026-23270), [CVE-2026-23268](https://nvd.nist.gov/vuln/detail/CVE-2026-23268), [CVE-2026-23269](https://nvd.nist.gov/vuln/detail/CVE-2026-23269), [CVE-2026-23253](https://nvd.nist.gov/vuln/detail/CVE-2026-23253), [CVE-2026-23246](https://nvd.nist.gov/vuln/detail/CVE-2026-23246), [CVE-2026-23244](https://nvd.nist.gov/vuln/detail/CVE-2026-23244), [CVE-2026-31412](https://nvd.nist.gov/vuln/detail/CVE-2026-31412), [CVE-2026-31410](https://nvd.nist.gov/vuln/detail/CVE-2026-31410), [CVE-2026-31409](https://nvd.nist.gov/vuln/detail/CVE-2026-31409), [CVE-2026-31405](https://nvd.nist.gov/vuln/detail/CVE-2026-31405), [CVE-2026-31394](https://nvd.nist.gov/vuln/detail/CVE-2026-31394), [CVE-2026-31393](https://nvd.nist.gov/vuln/detail/CVE-2026-31393), [CVE-2026-31392](https://nvd.nist.gov/vuln/detail/CVE-2026-31392), [CVE-2026-31391](https://nvd.nist.gov/vuln/detail/CVE-2026-31391), [CVE-2026-31389](https://nvd.nist.gov/vuln/detail/CVE-2026-31389), [CVE-2026-23475](https://nvd.nist.gov/vuln/detail/CVE-2026-23475), [CVE-2026-23474](https://nvd.nist.gov/vuln/detail/CVE-2026-23474), [CVE-2026-31403](https://nvd.nist.gov/vuln/detail/CVE-2026-31403), [CVE-2026-31402](https://nvd.nist.gov/vuln/detail/CVE-2026-31402), [CVE-2026-31401](https://nvd.nist.gov/vuln/detail/CVE-2026-31401), [CVE-2026-31400](https://nvd.nist.gov/vuln/detail/CVE-2026-31400), [CVE-2026-31399](https://nvd.nist.gov/vuln/detail/CVE-2026-31399), [CVE-2026-31396](https://nvd.nist.gov/vuln/detail/CVE-2026-31396), [CVE-2026-23446](https://nvd.nist.gov/vuln/detail/CVE-2026-23446), [CVE-2026-23445](https://nvd.nist.gov/vuln/detail/CVE-2026-23445), [CVE-2026-23443](https://nvd.nist.gov/vuln/detail/CVE-2026-23443), [CVE-2026-23441](https://nvd.nist.gov/vuln/detail/CVE-2026-23441), [CVE-2026-23471](https://nvd.nist.gov/vuln/detail/CVE-2026-23471), [CVE-2026-23470](https://nvd.nist.gov/vuln/detail/CVE-2026-23470), [CVE-2026-23440](https://nvd.nist.gov/vuln/detail/CVE-2026-23440), [CVE-2026-23466](https://nvd.nist.gov/vuln/detail/CVE-2026-23466), [CVE-2026-23465](https://nvd.nist.gov/vuln/detail/CVE-2026-23465), [CVE-2026-23464](https://nvd.nist.gov/vuln/detail/CVE-2026-23464), [CVE-2026-23463](https://nvd.nist.gov/vuln/detail/CVE-2026-23463), [CVE-2026-23462](https://nvd.nist.gov/vuln/detail/CVE-2026-23462), [CVE-2026-23461](https://nvd.nist.gov/vuln/detail/CVE-2026-23461), [CVE-2026-23460](https://nvd.nist.gov/vuln/detail/CVE-2026-23460), [CVE-2026-23458](https://nvd.nist.gov/vuln/detail/CVE-2026-23458), [CVE-2026-23457](https://nvd.nist.gov/vuln/detail/CVE-2026-23457), [CVE-2026-23439](https://nvd.nist.gov/vuln/detail/CVE-2026-23439), [CVE-2026-23456](https://nvd.nist.gov/vuln/detail/CVE-2026-23456), [CVE-2026-23455](https://nvd.nist.gov/vuln/detail/CVE-2026-23455), [CVE-2026-23454](https://nvd.nist.gov/vuln/detail/CVE-2026-23454), [CVE-2026-23452](https://nvd.nist.gov/vuln/detail/CVE-2026-23452), [CVE-2026-23450](https://nvd.nist.gov/vuln/detail/CVE-2026-23450), [CVE-2026-23449](https://nvd.nist.gov/vuln/detail/CVE-2026-23449), [CVE-2026-23448](https://nvd.nist.gov/vuln/detail/CVE-2026-23448), [CVE-2026-23447](https://nvd.nist.gov/vuln/detail/CVE-2026-23447), [CVE-2026-23438](https://nvd.nist.gov/vuln/detail/CVE-2026-23438), [CVE-2026-23434](https://nvd.nist.gov/vuln/detail/CVE-2026-23434), [CVE-2026-23427](https://nvd.nist.gov/vuln/detail/CVE-2026-23427), [CVE-2026-23428](https://nvd.nist.gov/vuln/detail/CVE-2026-23428), [CVE-2026-23413](https://nvd.nist.gov/vuln/detail/CVE-2026-23413), [CVE-2026-23412](https://nvd.nist.gov/vuln/detail/CVE-2026-23412), [CVE-2026-23399](https://nvd.nist.gov/vuln/detail/CVE-2026-23399), [CVE-2026-23398](https://nvd.nist.gov/vuln/detail/CVE-2026-23398), [CVE-2026-23396](https://nvd.nist.gov/vuln/detail/CVE-2026-23396), [CVE-2026-23397](https://nvd.nist.gov/vuln/detail/CVE-2026-23397), [CVE-2026-23391](https://nvd.nist.gov/vuln/detail/CVE-2026-23391), [CVE-2026-23395](https://nvd.nist.gov/vuln/detail/CVE-2026-23395), [CVE-2026-23393](https://nvd.nist.gov/vuln/detail/CVE-2026-23393), [CVE-2026-23392](https://nvd.nist.gov/vuln/detail/CVE-2026-23392), [CVE-2026-23386](https://nvd.nist.gov/vuln/detail/CVE-2026-23386), [CVE-2026-23375](https://nvd.nist.gov/vuln/detail/CVE-2026-23375), [CVE-2026-23368](https://nvd.nist.gov/vuln/detail/CVE-2026-23368), [CVE-2026-23364](https://nvd.nist.gov/vuln/detail/CVE-2026-23364), [CVE-2026-23321](https://nvd.nist.gov/vuln/detail/CVE-2026-23321), [CVE-2026-23281](https://nvd.nist.gov/vuln/detail/CVE-2026-23281), [CVE-2026-31788](https://nvd.nist.gov/vuln/detail/CVE-2026-31788), [CVE-2024-57946](https://nvd.nist.gov/vuln/detail/CVE-2024-57946), [CVE-2024-57807](https://nvd.nist.gov/vuln/detail/CVE-2024-57807), [CVE-2024-57806](https://nvd.nist.gov/vuln/detail/CVE-2024-57806), [CVE-2024-57805](https://nvd.nist.gov/vuln/detail/CVE-2024-57805), [CVE-2024-57804](https://nvd.nist.gov/vuln/detail/CVE-2024-57804), [CVE-2024-57800](https://nvd.nist.gov/vuln/detail/CVE-2024-57800), [CVE-2024-57799](https://nvd.nist.gov/vuln/detail/CVE-2024-57799), [CVE-2024-57798](https://nvd.nist.gov/vuln/detail/CVE-2024-57798), [CVE-2024-57792](https://nvd.nist.gov/vuln/detail/CVE-2024-57792), [CVE-2024-57793](https://nvd.nist.gov/vuln/detail/CVE-2024-57793), [CVE-2024-56757](https://nvd.nist.gov/vuln/detail/CVE-2024-56757), [CVE-2024-56766](https://nvd.nist.gov/vuln/detail/CVE-2024-56766), [CVE-2024-56765](https://nvd.nist.gov/vuln/detail/CVE-2024-56765), [CVE-2024-56764](https://nvd.nist.gov/vuln/detail/CVE-2024-56764), [CVE-2024-56763](https://nvd.nist.gov/vuln/detail/CVE-2024-56763), [CVE-2024-56762](https://nvd.nist.gov/vuln/detail/CVE-2024-56762), [CVE-2024-56761](https://nvd.nist.gov/vuln/detail/CVE-2024-56761), [CVE-2024-56760](https://nvd.nist.gov/vuln/detail/CVE-2024-56760), [CVE-2024-56759](https://nvd.nist.gov/vuln/detail/CVE-2024-56759), [CVE-2024-56769](https://nvd.nist.gov/vuln/detail/CVE-2024-56769), [CVE-2024-56768](https://nvd.nist.gov/vuln/detail/CVE-2024-56768), [CVE-2024-56767](https://nvd.nist.gov/vuln/detail/CVE-2024-56767), [CVE-2024-56758](https://nvd.nist.gov/vuln/detail/CVE-2024-56758), [CVE-2026-31428](https://nvd.nist.gov/vuln/detail/CVE-2026-31428), [CVE-2026-31427](https://nvd.nist.gov/vuln/detail/CVE-2026-31427), [CVE-2026-31426](https://nvd.nist.gov/vuln/detail/CVE-2026-31426), [CVE-2026-31413](https://nvd.nist.gov/vuln/detail/CVE-2026-31413), [CVE-2026-31408](https://nvd.nist.gov/vuln/detail/CVE-2026-31408), [CVE-2026-31406](https://nvd.nist.gov/vuln/detail/CVE-2026-31406), [CVE-2026-23417](https://nvd.nist.gov/vuln/detail/CVE-2026-23417), [CVE-2026-23414](https://nvd.nist.gov/vuln/detail/CVE-2026-23414), [CVE-2026-31425](https://nvd.nist.gov/vuln/detail/CVE-2026-31425), [CVE-2026-31424](https://nvd.nist.gov/vuln/detail/CVE-2026-31424), [CVE-2026-31423](https://nvd.nist.gov/vuln/detail/CVE-2026-31423), [CVE-2026-31422](https://nvd.nist.gov/vuln/detail/CVE-2026-31422), [CVE-2026-31421](https://nvd.nist.gov/vuln/detail/CVE-2026-31421), [CVE-2026-31414](https://nvd.nist.gov/vuln/detail/CVE-2026-31414), [CVE-2026-31418](https://nvd.nist.gov/vuln/detail/CVE-2026-31418), [CVE-2026-31417](https://nvd.nist.gov/vuln/detail/CVE-2026-31417), [CVE-2026-31416](https://nvd.nist.gov/vuln/detail/CVE-2026-31416), [CVE-2026-31415](https://nvd.nist.gov/vuln/detail/CVE-2026-31415)) - c-ares ([CVE-2025-62408](https://www.cve.org/CVERecord?id=CVE-2025-62408)) - curl ([CVE-2025-13034](https://www.cve.org/CVERecord?id=CVE-2025-13034), [CVE-2025-14017](https://www.cve.org/CVERecord?id=CVE-2025-14017), [CVE-2025-14524](https://www.cve.org/CVERecord?id=CVE-2025-14524), [CVE-2025-14819](https://www.cve.org/CVERecord?id=CVE-2025-14819), [CVE-2025-15079](https://www.cve.org/CVERecord?id=CVE-2025-15079), [CVE-2025-15224](https://www.cve.org/CVERecord?id=CVE-2025-15224)) - expat ([CVE-2026-24515](https://www.cve.org/CVERecord?id=CVE-2026-24515), [CVE-2026-25210](https://www.cve.org/CVERecord?id=CVE-2026-25210)) - glib ([CVE-2025-13601](https://www.cve.org/CVERecord?id=CVE-2025-13601), [CVE-2025-14087](https://www.cve.org/CVERecord?id=CVE-2025-14087)) - glibc ([CVE-2026-0861](https://www.cve.org/CVERecord?id=CVE-2026-0861), [CVE-2026-0915](https://www.cve.org/CVERecord?id=CVE-2026-0915), [CVE-2025-15281](https://www.cve.org/CVERecord?id=CVE-2025-15281)) - gnupg ([CVE-2026-24881](https://www.cve.org/CVERecord?id=CVE-2026-24881), [CVE-2026-24882](https://www.cve.org/CVERecord?id=CVE-2026-24882), [CVE-2026-24883](https://www.cve.org/CVERecord?id=CVE-2026-24883)) - gnutls ([CVE-2025-14831](https://www.cve.org/CVERecord?id=CVE-2025-14831), [CVE-2026-1584](https://www.cve.org/CVERecord?id=CVE-2026-1584)) - incus ([CVE-2026-23953](https://www.cve.org/CVERecord?id=CVE-2026-23953)) - intel-microcode ([CVE-2025-31648](https://www.cve.org/CVERecord?id=CVE-2025-31648)) - libpcap ([CVE-2025-11961](https://www.cve.org/CVERecord?id=CVE-2025-11961), [CVE-2025-11964](https://www.cve.org/CVERecord?id=CVE-2025-11964)) - libtasn1 ([CVE-2025-13151](https://www.cve.org/CVERecord?id=CVE-2025-13151)) - libxslt ([CVE-2025-10911](https://www.cve.org/CVERecord?id=CVE-2025-10911), [CVE-2025-11731](https://www.cve.org/CVERecord?id=CVE-2025-9714)) - nvidia-drivers ([CVE-2025-33219](https://www.cve.org/CVERecord?id=CVE-2025-33219)) - p11-kit ([CVE-2026-2100](https://www.cve.org/CVERecord?id=CVE-2026-2100)) - rsync ([CVE-2025-10158](https://www.cve.org/CVERecord?id=CVE-2025-10158)) - sssd ([CVE-2025-11561](https://www.cve.org/CVERecord?id=CVE-2025-11561)) - util-linux ([CVE-2025-14104](https://www.cve.org/CVERecord?id=CVE-2025-14104)) #### Bug fixes: - Fixed loading Ignition config from the initrd with `ignition.config.url=oem:///myconf.ign`. This was broken since moving to the minimal initrd. ([scripts#3853](https://github.com/flatcar/scripts/pull/3853)) - Restored the ability to customize PXE images with OEM data. This was broken since moving to the minimal initrd. ([Flatcar#2023](https://github.com/flatcar/Flatcar/issues/2023)) #### Changes: - Build AMD GPU driver as module ([scripts#3461](https://github.com/flatcar/scripts/pull/3461)) #### Updates: - Linux ([6.12.81](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.81) (includes [6.12.80](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.80), [6.12.79](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.79), [6.12.78](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.78), [6.12.77](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.77), [6.12.76](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.76), [6.12.75](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.75))) - Linux Firmware ([20260309](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20260309) (includes [20260221](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20260221))) - SDK: catalyst ([4.1.1](https://gitweb.gentoo.org/proj/catalyst.git/log/?h=4.1.1)) - SDK: gnu-efi ([4.0.4](https://github.com/ncroxon/gnu-efi/releases/tag/4.0.4) (includes [4.0.3](https://github.com/ncroxon/gnu-efi/releases/tag/4.0.3))) - SDK: meson ([1.9.2](https://github.com/mesonbuild/meson/commits/1.9.2/)) - SDK: qemu ([10.2.0](https://wiki.qemu.org/ChangeLog/10.2) (includes [10.1.0](https://wiki.qemu.org/ChangeLog/10.1))) - SDK: rust ([1.92.0_p1](https://blog.rust-lang.org/2025/12/11/Rust-1.92.0/)) - base, dev: binutils-libs ([2.46.0](https://sourceware.org/pipermail/binutils/2026-February/148149.html)) - base, dev: c-ares ([1.34.6](https://github.com/c-ares/c-ares/releases/tag/v1.34.6)) - base, dev: cryptsetup ([2.8.3](https://gitlab.com/cryptsetup/cryptsetup/-/raw/v2.8.3/docs/v2.8.3-ReleaseNotes) (includes [2.8.2](https://gitlab.com/cryptsetup/cryptsetup/-/raw/v2.8.2/docs/v2.8.2-ReleaseNotes))) - base, dev: curl ([8.18.0](https://curl.se/ch/8.18.0.html)) - base, dev: expat ([2.7.4](https://github.com/libexpat/libexpat/blob/R_2_7_4/expat/Changes)) - base, dev: gentoo-functions ([1.7.6](https://gitweb.gentoo.org/proj/gentoo-functions.git/log/?h=gentoo-functions-1.7.6)) - base, dev: glibc ([2.42](https://lists.gnu.org/archive/html/info-gnu/2025-07/msg00011.html)) - base, dev: gnupg ([2.5.17](https://files.gnupg.net/file/data/jiwtprsp56hruiqgobdo/PHID-FILE-xmky7kawpp72qwjjv3ss/NEWS)) - base, dev: gnutls ([3.8.12](https://lists.gnutls.org/pipermail/gnutls-help/2026-February/004914.html)) - base, dev: intel-microcode ([20260227_p20260227](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260227) (includes [20260210_p20260211](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260210-rev1))) - base, dev: iproute2 ([6.18.0](https://www.spinics.net/lists/netdev/msg1142134.html)) - base, dev: libgpg-error ([1.58](https://raw.githubusercontent.com/gpg/libgpg-error/refs/tags/libgpg-error-1.58/NEWS)) - base, dev: libnl ([3.12.0](https://lists.infradead.org/pipermail/libnl/2025-December/002442.html)) - base, dev: libpcap ([1.10.6](https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.10.6/CHANGES)) - base, dev: libsodium ([1.0.21_p20260122](https://github.com/jedisct1/libsodium/releases/tag/1.0.21-RELEASE)) - base, dev: libtasn1 ([4.21.0](https://lists.gnu.org/archive/html/info-gnu/2026-01/msg00003.html)) - base, dev: linux-headers ([6.18](https://kernelnewbies.org/Linux_6.18)) - base, dev: nftables ([1.1.6](https://lwn.net/Articles/1049470/)) - base, dev: nghttp2 ([1.68.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.68.0) (includes [1.67.1](https://github.com/nghttp2/nghttp2/releases/tag/v1.67.1), [1.67.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.67.0), [1.66.0](https://github.com/nghttp2/nghttp2/releases/tag/v1.66.0))) - base, dev: p11-kit ([0.26.2](https://github.com/p11-glue/p11-kit/releases/tag/0.26.2) (includes [0.26.1](https://github.com/p11-glue/p11-kit/releases/tag/0.26.1), [0.26.0](https://github.com/p11-glue/p11-kit/releases/tag/0.26.0), [0.25.10](https://github.com/p11-glue/p11-kit/releases/tag/0.25.10), [0.25.9](https://github.com/p11-glue/p11-kit/releases/tag/0.25.9), [0.25.8](https://github.com/p11-glue/p11-kit/releases/tag/0.25.8), [0.25.7](https://github.com/p11-glue/p11-kit/releases/tag/0.25.7), [0.25.6](https://github.com/p11-glue/p11-kit/releases/tag/0.25.6))) - base, dev: pam ([1.7.2](https://github.com/linux-pam/linux-pam/releases/tag/v1.7.2)) - base, dev: pax-utils ([1.3.10](https://gitweb.gentoo.org/proj/pax-utils.git/log/?h=v1.3.10)) - base, dev: quota ([4.11](https://sourceforge.net/projects/linuxquota/files/quota-tools/4.11/)) - base, dev: socat ([1.8.1.0](https://repo.or.cz/socat.git/blob/refs/tags/tag-1.8.1.0:/CHANGES)) - base, dev: sqlite ([3.51.2](https://sqlite.org/releaselog/3_51_2.html)) - base, dev: sssd ([2.9.8](https://sssd.io/release-notes/sssd-2.9.8.html)) - base, dev: strace ([6.18](https://github.com/strace/strace/releases/tag/v6.18)) - base, dev: systemd ([258.3](https://github.com/systemd/systemd/releases/tag/v258)) - base, dev: tcpdump ([4.99.6](https://raw.githubusercontent.com/the-tcpdump-group/tcpdump/refs/tags/tcpdump-4.99.6/CHANGES)) - base, dev: timezone-data ([2025c](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/thread/TAGXKYLMAQRZRFTERQ33CEKOW7KRJVAK/)) - base, dev: util-linux ([2.41.3](https://raw.githubusercontent.com/util-linux/util-linux/refs/tags/v2.41.3/Documentation/releases/v2.41.3-ReleaseNotes)) - base, dev: wireguard-tools ([1.0.20250521](https://git.zx2c4.com/wireguard-tools/log/?h=v1.0.20250521)) - base, dev: xfsprogs ([6.18.0](https://web.git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/plain/doc/CHANGES?h=v6.18.0)) - base, dev: xz-utils ([5.8.2](https://github.com/tukaani-project/xz/releases/tag/v5.8.2)) - ca-certificates ([3.122](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_122.html) (includes [3.121](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_121.html))) - dev: binutils ([2.46.0](https://sourceware.org/pipermail/binutils/2026-February/148149.html)) - dev: eselect ([1.4.31](https://gitweb.gentoo.org/proj/eselect.git/plain/NEWS?id=598206e66aa7c08192113249e13f4083a13deeae)) - dev: gdb ([17.1](https://sourceware.org/pipermail/gdb-announce/2025/000147.html)) - dev: gentoolkit ([0.7.1](https://gitweb.gentoo.org/proj/gentoolkit.git/log/?h=gentoolkit-0.7.1)) - dev: iperf ([3.20](https://github.com/esnet/iperf/releases/tag/3.20)) - dev: portage ([3.0.77](https://codeberg.org/gentoo/portage/raw/tag/portage-3.0.77/NEWS) (includes [3.0.76](https://codeberg.org/gentoo/portage/raw/tag/portage-3.0.76/NEWS), [3.0.75](https://codeberg.org/gentoo/portage/raw/tag/portage-3.0.75/NEWS), [3.0.74](https://codeberg.org/gentoo/portage/raw/tag/portage-3.0.74/NEWS), [3.0.73](https://codeberg.org/gentoo/portage/raw/tag/portage-3.0.73/NEWS))) - nss-usrfiles (2.43) - sysext-containerd: containerd ([2.2.1](https://github.com/containerd/containerd/releases/tag/v2.2.1)) - sysext-incus, sysext-podman, vmware: fuse ([3.18.1](https://github.com/libfuse/libfuse/releases/tag/fuse-3.18.1) (includes [3.18.0](https://github.com/libfuse/libfuse/releases/tag/fuse-3.18.0))) - sysext-nvidia-drivers-535, sysext-nvidia-drivers-535-open: nvidia-drivers ([535.288.01](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-535-288-01/index.html)) - sysext-nvidia-drivers-570, sysext-nvidia-drivers-570-open: nvidia-drivers ([570.211.01](https://docs.nvidia.com/datacenter/tesla/tesla-release-notes-570-211-01/index.html)) - sysext-overlaybd: accelerated-container-image ([1.4.3](https://github.com/containerd/accelerated-container-image/releases/tag/v1.4.3) (includes [1.4.2](https://github.com/containerd/accelerated-container-image/releases/tag/v1.4.2), [1.4.1](https://github.com/containerd/accelerated-container-image/releases/tag/v1.4.1), [1.4.0](https://github.com/containerd/accelerated-container-image/releases/tag/v1.4.0))) - sysext-podman: aardvark-dns ([1.17.0](https://github.com/containers/aardvark-dns/releases/tag/v1.17.0) (includes [1.16.0](https://github.com/containers/aardvark-dns/releases/tag/v1.16.0))) - sysext-podman: containers-common ([0.64.2](https://github.com/containers/common/releases/tag/v0.64.2) (includes [0.64.1](https://github.com/containers/common/releases/tag/v0.64.1), [0.64.0](https://github.com/containers/common/releases/tag/v0.64.0))) - sysext-podman: containers-image ([5.36.2](https://github.com/containers/image/releases/tag/v5.36.2) (includes [5.36.1](https://github.com/containers/image/releases/tag/v5.36.1), [5.36.0](https://github.com/containers/image/releases/tag/v5.36.0))) - sysext-podman: containers-storage ([1.59.1](https://github.com/containers/storage/releases/tag/v1.59.1) (includes [1.59.0](https://github.com/containers/storage/releases/tag/v1.59.0), [1.58.0](https://github.com/containers/storage/releases/tag/v1.58.0))) - sysext-podman: fuse-overlayfs ([1.16](https://github.com/containers/fuse-overlayfs/releases/tag/v1.16)) - sysext-podman: netavark ([1.17.1](https://github.com/containers/netavark/releases/tag/v1.17.1) (includes [1.17.0](https://github.com/containers/netavark/releases/tag/v1.17.0))) - sysext-podman: passt ([2025.12.15](https://archives.passt.top/passt-user/20251215183014.758802aa@elisabeth/T/#u)) - sysext-podman: podman ([5.7.1](https://github.com/containers/podman/releases/tag/v5.7.1)) - sysext-python: jaraco-context ([6.1.0](https://raw.githubusercontent.com/jaraco/jaraco.context/refs/tags/v6.1.0/NEWS.rst)) - sysext-python: jaraco-functools ([4.4.0](https://raw.githubusercontent.com/jaraco/jaraco.functools/refs/tags/v4.4.0/NEWS.rst)) - sysext-python: packaging ([26.0](https://github.com/pypa/packaging/releases/tag/26.0)) - sysext-python: trove-classifiers ([2026.1.14.14](https://github.com/pypa/trove-classifiers/releases/tag/2026.1.14.14)) - sysext-python: wheel ([0.46.2](https://github.com/pypa/wheel/releases/tag/0.46.2) (includes [0.46.1](https://github.com/pypa/wheel/releases/tag/0.46.1), [0.46.0](https://github.com/pypa/wheel/releases/tag/0.46.0))) - vmware: libxslt ([1.1.45](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.45)) ### Beta 4628.1.0 _Changes since **Beta 4593.1.0**_ #### Security fixes: - Linux ([CVE-2026-31411](https://nvd.nist.gov/vuln/detail/CVE-2026-31411), [CVE-2026-23273](https://nvd.nist.gov/vuln/detail/CVE-2026-23273), [CVE-2026-23251](https://nvd.nist.gov/vuln/detail/CVE-2026-23251), [CVE-2026-23249](https://nvd.nist.gov/vuln/detail/CVE-2026-23249), [CVE-2026-23250](https://nvd.nist.gov/vuln/detail/CVE-2026-23250), [CVE-2025-71265](https://nvd.nist.gov/vuln/detail/CVE-2025-71265), [CVE-2026-23243](https://nvd.nist.gov/vuln/detail/CVE-2026-23243), [CVE-2026-23242](https://nvd.nist.gov/vuln/detail/CVE-2026-23242), [CVE-2025-71267](https://nvd.nist.gov/vuln/detail/CVE-2025-71267), [CVE-2025-71266](https://nvd.nist.gov/vuln/detail/CVE-2025-71266), [CVE-2025-71239](https://nvd.nist.gov/vuln/detail/CVE-2025-71239), [CVE-2026-23241](https://nvd.nist.gov/vuln/detail/CVE-2026-23241), [CVE-2026-23239](https://nvd.nist.gov/vuln/detail/CVE-2026-23239), [CVE-2026-23240](https://nvd.nist.gov/vuln/detail/CVE-2026-23240), [CVE-2026-23426](https://nvd.nist.gov/vuln/detail/CVE-2026-23426), [CVE-2026-23422](https://nvd.nist.gov/vuln/detail/CVE-2026-23422), [CVE-2026-23420](https://nvd.nist.gov/vuln/detail/CVE-2026-23420), [CVE-2026-23419](https://nvd.nist.gov/vuln/detail/CVE-2026-23419), [CVE-2026-23410](https://nvd.nist.gov/vuln/detail/CVE-2026-23410), [CVE-2026-23409](https://nvd.nist.gov/vuln/detail/CVE-2026-23409), [CVE-2026-23408](https://nvd.nist.gov/vuln/detail/CVE-2026-23408), [CVE-2026-23407](https://nvd.nist.gov/vuln/detail/CVE-2026-23407), [CVE-2026-23406](https://nvd.nist.gov/vuln/detail/CVE-2026-23406), [CVE-2026-23405](https://nvd.nist.gov/vuln/detail/CVE-2026-23405), [CVE-2026-23404](https://nvd.nist.gov/vuln/detail/CVE-2026-23404), [CVE-2026-23403](https://nvd.nist.gov/vuln/detail/CVE-2026-23403), [CVE-2026-23411](https://nvd.nist.gov/vuln/detail/CVE-2026-23411), [CVE-2026-23359](https://nvd.nist.gov/vuln/detail/CVE-2026-23359), [CVE-2026-23357](https://nvd.nist.gov/vuln/detail/CVE-2026-23357), [CVE-2026-23356](https://nvd.nist.gov/vuln/detail/CVE-2026-23356), [CVE-2026-23354](https://nvd.nist.gov/vuln/detail/CVE-2026-23354), [CVE-2026-23388](https://nvd.nist.gov/vuln/detail/CVE-2026-23388), [CVE-2026-23387](https://nvd.nist.gov/vuln/detail/CVE-2026-23387), [CVE-2026-23383](https://nvd.nist.gov/vuln/detail/CVE-2026-23383), [CVE-2026-23382](https://nvd.nist.gov/vuln/detail/CVE-2026-23382), [CVE-2026-23381](https://nvd.nist.gov/vuln/detail/CVE-2026-23381), [CVE-2026-23380](https://nvd.nist.gov/vuln/detail/CVE-2026-23380), [CVE-2026-23379](https://nvd.nist.gov/vuln/detail/CVE-2026-23379), [CVE-2026-23378](https://nvd.nist.gov/vuln/detail/CVE-2026-23378), [CVE-2026-23373](https://nvd.nist.gov/vuln/detail/CVE-2026-23373), [CVE-2026-23372](https://nvd.nist.gov/vuln/detail/CVE-2026-23372), [CVE-2026-23370](https://nvd.nist.gov/vuln/detail/CVE-2026-23370), [CVE-2026-23352](https://nvd.nist.gov/vuln/detail/CVE-2026-23352), [CVE-2026-23369](https://nvd.nist.gov/vuln/detail/CVE-2026-23369), [CVE-2026-23367](https://nvd.nist.gov/vuln/detail/CVE-2026-23367), [CVE-2026-23365](https://nvd.nist.gov/vuln/detail/CVE-2026-23365), [CVE-2026-23363](https://nvd.nist.gov/vuln/detail/CVE-2026-23363), [CVE-2026-23362](https://nvd.nist.gov/vuln/detail/CVE-2026-23362), [CVE-2026-23361](https://nvd.nist.gov/vuln/detail/CVE-2026-23361), [CVE-2026-23360](https://nvd.nist.gov/vuln/detail/CVE-2026-23360), [CVE-2026-23351](https://nvd.nist.gov/vuln/detail/CVE-2026-23351), [CVE-2026-23308](https://nvd.nist.gov/vuln/detail/CVE-2026-23308), [CVE-2026-23307](https://nvd.nist.gov/vuln/detail/CVE-2026-23307), [CVE-2026-23306](https://nvd.nist.gov/vuln/detail/CVE-2026-23306), [CVE-2026-23304](https://nvd.nist.gov/vuln/detail/CVE-2026-23304), [CVE-2026-23347](https://nvd.nist.gov/vuln/detail/CVE-2026-23347), [CVE-2026-23343](https://nvd.nist.gov/vuln/detail/CVE-2026-23343), [CVE-2026-23340](https://nvd.nist.gov/vuln/detail/CVE-2026-23340), [CVE-2026-23339](https://nvd.nist.gov/vuln/detail/CVE-2026-23339), [CVE-2026-23303](https://nvd.nist.gov/vuln/detail/CVE-2026-23303), [CVE-2026-23336](https://nvd.nist.gov/vuln/detail/CVE-2026-23336), [CVE-2026-23335](https://nvd.nist.gov/vuln/detail/CVE-2026-23335), [CVE-2026-23334](https://nvd.nist.gov/vuln/detail/CVE-2026-23334), [CVE-2026-23325](https://nvd.nist.gov/vuln/detail/CVE-2026-23325), [CVE-2026-23324](https://nvd.nist.gov/vuln/detail/CVE-2026-23324), [CVE-2026-23319](https://nvd.nist.gov/vuln/detail/CVE-2026-23319), [CVE-2026-23318](https://nvd.nist.gov/vuln/detail/CVE-2026-23318), [CVE-2026-23317](https://nvd.nist.gov/vuln/detail/CVE-2026-23317), [CVE-2026-23316](https://nvd.nist.gov/vuln/detail/CVE-2026-23316), [CVE-2026-23315](https://nvd.nist.gov/vuln/detail/CVE-2026-23315), [CVE-2026-23313](https://nvd.nist.gov/vuln/detail/CVE-2026-23313), [CVE-2026-23312](https://nvd.nist.gov/vuln/detail/CVE-2026-23312), [CVE-2026-23310](https://nvd.nist.gov/vuln/detail/CVE-2026-23310), [CVE-2026-23309](https://nvd.nist.gov/vuln/detail/CVE-2026-23309), [CVE-2026-23300](https://nvd.nist.gov/vuln/detail/CVE-2026-23300), [CVE-2026-23279](https://nvd.nist.gov/vuln/detail/CVE-2026-23279), [CVE-2026-23287](https://nvd.nist.gov/vuln/detail/CVE-2026-23287), [CVE-2026-23286](https://nvd.nist.gov/vuln/detail/CVE-2026-23286), [CVE-2026-23285](https://nvd.nist.gov/vuln/detail/CVE-2026-23285), [CVE-2026-23284](https://nvd.nist.gov/vuln/detail/CVE-2026-23284), [CVE-2026-23298](https://nvd.nist.gov/vuln/detail/CVE-2026-23298), [CVE-2026-23297](https://nvd.nist.gov/vuln/detail/CVE-2026-23297), [CVE-2026-23296](https://nvd.nist.gov/vuln/detail/CVE-2026-23296), [CVE-2026-23293](https://nvd.nist.gov/vuln/detail/CVE-2026-23293), [CVE-2026-23292](https://nvd.nist.gov/vuln/detail/CVE-2026-23292), [CVE-2026-23291](https://nvd.nist.gov/vuln/detail/CVE-2026-23291), [CVE-2026-23290](https://nvd.nist.gov/vuln/detail/CVE-2026-23290), [CVE-2026-23289](https://nvd.nist.gov/vuln/detail/CVE-2026-23289), [CVE-2026-23271](https://nvd.nist.gov/vuln/detail/CVE-2026-23271), [CVE-2026-23270](https://nvd.nist.gov/vuln/detail/CVE-2026-23270), [CVE-2026-23268](https://nvd.nist.gov/vuln/detail/CVE-2026-23268), [CVE-2026-23269](https://nvd.nist.gov/vuln/detail/CVE-2026-23269), [CVE-2026-23253](https://nvd.nist.gov/vuln/detail/CVE-2026-23253), [CVE-2026-23246](https://nvd.nist.gov/vuln/detail/CVE-2026-23246), [CVE-2026-23244](https://nvd.nist.gov/vuln/detail/CVE-2026-23244), [CVE-2026-31412](https://nvd.nist.gov/vuln/detail/CVE-2026-31412), [CVE-2026-31410](https://nvd.nist.gov/vuln/detail/CVE-2026-31410), [CVE-2026-31409](https://nvd.nist.gov/vuln/detail/CVE-2026-31409), [CVE-2026-31405](https://nvd.nist.gov/vuln/detail/CVE-2026-31405), [CVE-2026-31394](https://nvd.nist.gov/vuln/detail/CVE-2026-31394), [CVE-2026-31393](https://nvd.nist.gov/vuln/detail/CVE-2026-31393), [CVE-2026-31392](https://nvd.nist.gov/vuln/detail/CVE-2026-31392), [CVE-2026-31391](https://nvd.nist.gov/vuln/detail/CVE-2026-31391), [CVE-2026-31389](https://nvd.nist.gov/vuln/detail/CVE-2026-31389), [CVE-2026-23475](https://nvd.nist.gov/vuln/detail/CVE-2026-23475), [CVE-2026-23474](https://nvd.nist.gov/vuln/detail/CVE-2026-23474), [CVE-2026-31403](https://nvd.nist.gov/vuln/detail/CVE-2026-31403), [CVE-2026-31402](https://nvd.nist.gov/vuln/detail/CVE-2026-31402), [CVE-2026-31401](https://nvd.nist.gov/vuln/detail/CVE-2026-31401), [CVE-2026-31400](https://nvd.nist.gov/vuln/detail/CVE-2026-31400), [CVE-2026-31399](https://nvd.nist.gov/vuln/detail/CVE-2026-31399), [CVE-2026-31396](https://nvd.nist.gov/vuln/detail/CVE-2026-31396), [CVE-2026-23446](https://nvd.nist.gov/vuln/detail/CVE-2026-23446), [CVE-2026-23445](https://nvd.nist.gov/vuln/detail/CVE-2026-23445), [CVE-2026-23443](https://nvd.nist.gov/vuln/detail/CVE-2026-23443), [CVE-2026-23441](https://nvd.nist.gov/vuln/detail/CVE-2026-23441), [CVE-2026-23471](https://nvd.nist.gov/vuln/detail/CVE-2026-23471), [CVE-2026-23470](https://nvd.nist.gov/vuln/detail/CVE-2026-23470), [CVE-2026-23440](https://nvd.nist.gov/vuln/detail/CVE-2026-23440), [CVE-2026-23466](https://nvd.nist.gov/vuln/detail/CVE-2026-23466), [CVE-2026-23465](https://nvd.nist.gov/vuln/detail/CVE-2026-23465), [CVE-2026-23464](https://nvd.nist.gov/vuln/detail/CVE-2026-23464), [CVE-2026-23463](https://nvd.nist.gov/vuln/detail/CVE-2026-23463), [CVE-2026-23462](https://nvd.nist.gov/vuln/detail/CVE-2026-23462), [CVE-2026-23461](https://nvd.nist.gov/vuln/detail/CVE-2026-23461), [CVE-2026-23460](https://nvd.nist.gov/vuln/detail/CVE-2026-23460), [CVE-2026-23458](https://nvd.nist.gov/vuln/detail/CVE-2026-23458), [CVE-2026-23457](https://nvd.nist.gov/vuln/detail/CVE-2026-23457), [CVE-2026-23439](https://nvd.nist.gov/vuln/detail/CVE-2026-23439), [CVE-2026-23456](https://nvd.nist.gov/vuln/detail/CVE-2026-23456), [CVE-2026-23455](https://nvd.nist.gov/vuln/detail/CVE-2026-23455), [CVE-2026-23454](https://nvd.nist.gov/vuln/detail/CVE-2026-23454), [CVE-2026-23452](https://nvd.nist.gov/vuln/detail/CVE-2026-23452), [CVE-2026-23450](https://nvd.nist.gov/vuln/detail/CVE-2026-23450), [CVE-2026-23449](https://nvd.nist.gov/vuln/detail/CVE-2026-23449), [CVE-2026-23448](https://nvd.nist.gov/vuln/detail/CVE-2026-23448), [CVE-2026-23447](https://nvd.nist.gov/vuln/detail/CVE-2026-23447), [CVE-2026-23438](https://nvd.nist.gov/vuln/detail/CVE-2026-23438), [CVE-2026-23434](https://nvd.nist.gov/vuln/detail/CVE-2026-23434), [CVE-2026-23427](https://nvd.nist.gov/vuln/detail/CVE-2026-23427), [CVE-2026-23428](https://nvd.nist.gov/vuln/detail/CVE-2026-23428), [CVE-2026-23413](https://nvd.nist.gov/vuln/detail/CVE-2026-23413), [CVE-2026-23412](https://nvd.nist.gov/vuln/detail/CVE-2026-23412), [CVE-2026-23399](https://nvd.nist.gov/vuln/detail/CVE-2026-23399), [CVE-2026-23398](https://nvd.nist.gov/vuln/detail/CVE-2026-23398), [CVE-2026-23396](https://nvd.nist.gov/vuln/detail/CVE-2026-23396), [CVE-2026-23397](https://nvd.nist.gov/vuln/detail/CVE-2026-23397), [CVE-2026-23391](https://nvd.nist.gov/vuln/detail/CVE-2026-23391), [CVE-2026-23395](https://nvd.nist.gov/vuln/detail/CVE-2026-23395), [CVE-2026-23393](https://nvd.nist.gov/vuln/detail/CVE-2026-23393), [CVE-2026-23392](https://nvd.nist.gov/vuln/detail/CVE-2026-23392), [CVE-2026-23386](https://nvd.nist.gov/vuln/detail/CVE-2026-23386), [CVE-2026-23375](https://nvd.nist.gov/vuln/detail/CVE-2026-23375), [CVE-2026-23368](https://nvd.nist.gov/vuln/detail/CVE-2026-23368), [CVE-2026-23364](https://nvd.nist.gov/vuln/detail/CVE-2026-23364), [CVE-2026-23321](https://nvd.nist.gov/vuln/detail/CVE-2026-23321), [CVE-2026-23281](https://nvd.nist.gov/vuln/detail/CVE-2026-23281), [CVE-2026-31788](https://nvd.nist.gov/vuln/detail/CVE-2026-31788), [CVE-2024-57946](https://nvd.nist.gov/vuln/detail/CVE-2024-57946), [CVE-2024-57807](https://nvd.nist.gov/vuln/detail/CVE-2024-57807), [CVE-2024-57806](https://nvd.nist.gov/vuln/detail/CVE-2024-57806), [CVE-2024-57805](https://nvd.nist.gov/vuln/detail/CVE-2024-57805), [CVE-2024-57804](https://nvd.nist.gov/vuln/detail/CVE-2024-57804), [CVE-2024-57800](https://nvd.nist.gov/vuln/detail/CVE-2024-57800), [CVE-2024-57799](https://nvd.nist.gov/vuln/detail/CVE-2024-57799), [CVE-2024-57798](https://nvd.nist.gov/vuln/detail/CVE-2024-57798), [CVE-2024-57792](https://nvd.nist.gov/vuln/detail/CVE-2024-57792), [CVE-2024-57793](https://nvd.nist.gov/vuln/detail/CVE-2024-57793), [CVE-2024-56757](https://nvd.nist.gov/vuln/detail/CVE-2024-56757), [CVE-2024-56766](https://nvd.nist.gov/vuln/detail/CVE-2024-56766), [CVE-2024-56765](https://nvd.nist.gov/vuln/detail/CVE-2024-56765), [CVE-2024-56764](https://nvd.nist.gov/vuln/detail/CVE-2024-56764), [CVE-2024-56763](https://nvd.nist.gov/vuln/detail/CVE-2024-56763), [CVE-2024-56762](https://nvd.nist.gov/vuln/detail/CVE-2024-56762), [CVE-2024-56761](https://nvd.nist.gov/vuln/detail/CVE-2024-56761), [CVE-2024-56760](https://nvd.nist.gov/vuln/detail/CVE-2024-56760), [CVE-2024-56759](https://nvd.nist.gov/vuln/detail/CVE-2024-56759), [CVE-2024-56769](https://nvd.nist.gov/vuln/detail/CVE-2024-56769), [CVE-2024-56768](https://nvd.nist.gov/vuln/detail/CVE-2024-56768), [CVE-2024-56767](https://nvd.nist.gov/vuln/detail/CVE-2024-56767), [CVE-2024-56758](https://nvd.nist.gov/vuln/detail/CVE-2024-56758), [CVE-2026-31428](https://nvd.nist.gov/vuln/detail/CVE-2026-31428), [CVE-2026-31427](https://nvd.nist.gov/vuln/detail/CVE-2026-31427), [CVE-2026-31426](https://nvd.nist.gov/vuln/detail/CVE-2026-31426), [CVE-2026-31413](https://nvd.nist.gov/vuln/detail/CVE-2026-31413), [CVE-2026-31408](https://nvd.nist.gov/vuln/detail/CVE-2026-31408), [CVE-2026-31406](https://nvd.nist.gov/vuln/detail/CVE-2026-31406), [CVE-2026-23417](https://nvd.nist.gov/vuln/detail/CVE-2026-23417), [CVE-2026-23414](https://nvd.nist.gov/vuln/detail/CVE-2026-23414), [CVE-2026-31425](https://nvd.nist.gov/vuln/detail/CVE-2026-31425), [CVE-2026-31424](https://nvd.nist.gov/vuln/detail/CVE-2026-31424), [CVE-2026-31423](https://nvd.nist.gov/vuln/detail/CVE-2026-31423), [CVE-2026-31422](https://nvd.nist.gov/vuln/detail/CVE-2026-31422), [CVE-2026-31421](https://nvd.nist.gov/vuln/detail/CVE-2026-31421), [CVE-2026-31414](https://nvd.nist.gov/vuln/detail/CVE-2026-31414), [CVE-2026-31418](https://nvd.nist.gov/vuln/detail/CVE-2026-31418), [CVE-2026-31417](https://nvd.nist.gov/vuln/detail/CVE-2026-31417), [CVE-2026-31416](https://nvd.nist.gov/vuln/detail/CVE-2026-31416), [CVE-2026-31415](https://nvd.nist.gov/vuln/detail/CVE-2026-31415)) - bind ([CVE-2025-40778](https://www.cve.org/CVERecord?id=CVE-2025-40778), [CVE-2025-40780](https://www.cve.org/CVERecord?id=CVE-2025-40780), [CVE-2025-8677](https://www.cve.org/CVERecord?id=CVE-2025-8677)) - gnutls ([CVE-2025-9820](https://www.cve.org/CVERecord?id=CVE-2025-9820)) - go ([CVE-2025-61727](https://www.cve.org/CVERecord?id=CVE-2025-61727), [CVE-2025-61729](https://www.cve.org/CVERecord?id=CVE-2025-61729)) - libarchive ([CVE-2025-60753](https://www.cve.org/CVERecord?id=CVE-2025-60753)) - podman ([CVE-2025-9566](https://www.cve.org/CVERecord?id=CVE-2025-9566), [CVE-2025-52881](https://www.cve.org/CVERecord?id=CVE-2025-52881)) - urllib3 ([CVE-2025-66418](https://www.cve.org/CVERecord?id=CVE-2025-66418), [CVE-2025-66471](https://www.cve.org/CVERecord?id=CVE-2025-66471)) #### Bug fixes: - Added full terminfo database to support modern terminals like foot and Alacritty. - Fixed loading Ignition config from the initrd with `ignition.config.url=oem:///myconf.ign`. This was broken since moving to the minimal initrd. ([scripts#3853](https://github.com/flatcar/scripts/pull/3853)) - Restored the ability to customize PXE images with OEM data. This was broken since moving to the minimal initrd. ([Flatcar#2023](https://github.com/flatcar/Flatcar/issues/2023)) #### Changes: - Dropped the "Oklo" release codename as it was never updated in a meaningful way. - Moved systemd-sysext image mounting into the initrd, so that system extensions can better define the behavior of the final system at boot without workarounds to apply settings late at boot. This means `.wants` symlinks for systemd units work as expected now and, therefore, we dropped the `ensure-sysext.service` workaround. We still recommend extensions to keep their workarounds, e.g., using `.upholds` instead of `.wants`, to better support live reloading. A skipping logic prevents an extension refresh late at boot but only if no changes were found. For extensions that are not stored on a custom filesystem, such as a separate `/var` partition, the new extension mounting from the initrd won't be able to load them early but they will be picked up late at boot through the extension refresh. This is another case where it's good if extensions keep workarounds for late loading. - OS-dependent sysexts (e.g., docker-flatcar, containerd-flatcar, podman, zfs, nvidia) are now cryptographically signed using dm-verity roothash signatures. This enables stricter sysext policies via systemd-sysext and provides a foundation for verifying user-provided extensions in future releases. The format changed from squashfs to erofs-based Discoverable Disk Images (DDI). OEM sysexts (e.g., oem-azure, oem-gce) are now also signed and built during the image phase to ensure consistent signing with the same ephemeral key. ([scripts#3162](https://github.com/flatcar/scripts/pull/3162)) - Switched `/etc/` from a custom overlayfs for A/B updates to using a systemd-confext extension providing the default contents by using systemd-confext in the mutable mode where `/etc/` gets used as upperdir ([scripts#3555](https://github.com/flatcar/scripts/pull/3555)) #### Updates: - Linux ([6.12.81](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.81) (includes [6.12.80](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.80), [6.12.79](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.79), [6.12.78](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.78), [6.12.77](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.77), [6.12.76](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.76), [6.12.75](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.75))) - Linux Firmware ([20260110](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20260110)) - SDK: cmake ([4.1.4](https://cmake.org/cmake/help/v4.1/release/4.1.html#updates)) - SDK: crossdev ([20251214](https://gitweb.gentoo.org/proj/crossdev.git/log/?h=20251214)) - SDK: go ([1.25.5](https://go.dev/doc/devel/release#go1.25.minor)) - SDK: perl ([5.42.0](https://perldoc.perl.org/perl5420delta)) - SDK: rust ([1.91.0](https://blog.rust-lang.org/2025/10/30/Rust-1.91.0/) (includes [1.90.0](https://blog.rust-lang.org/2025/09/18/Rust-1.90.0/))) - azure, dev, sysext-python: urllib3 ([2.6.3](https://raw.githubusercontent.com/urllib3/urllib3/refs/tags/2.6.3/CHANGES.rst)) - base, dev: bash ([5.3_p9](https://cgit.git.savannah.gnu.org/cgit/bash.git/log/?id=637f5c8696a6adc9b4519f1cd74aa78492266b7f)) - base, dev: bind ([9.18.42](https://bind9.readthedocs.io/en/v9.18.42/notes.html#notes-for-bind-9-18-42)) - base, dev: binutils-config ([5.6](https://gitweb.gentoo.org/proj/binutils-config.git/log/?h=v5.6)) - base, dev: btrfs-progs ([6.17.1](https://github.com/kdave/btrfs-progs/releases/tag/v6.17.1)) - base, dev: coreutils ([9.9](https://lists.gnu.org/archive/html/coreutils-announce/2025-11/msg00000.html)) - base, dev: cri-tools ([1.33.0](https://github.com/kubernetes-sigs/cri-tools/releases/tag/v1.33.0)) - base, dev: curl ([8.17.0](https://curl.se/ch/8.17.0.html)) - base, dev: elfutils ([0.194](https://inbox.sourceware.org/elfutils-devel/CAJDtP-S0rYAOZQeDZvMtPkQztgK9RboWtYwpqNLCNGNdaSGn-A@mail.gmail.com/T/#u)) - base, dev: git ([2.52.0](https://raw.githubusercontent.com/git/git/refs/tags/v2.52.0/Documentation/RelNotes/2.52.0.adoc)) - base, dev: gnutls ([3.8.11](https://lists.gnu.org/archive/html/info-gnu/2025-11/msg00003.html)) - base, dev: kexec-tools ([2.0.32](https://github.com/horms/kexec-tools/commits/v2.0.32/)) - base, dev: libarchive ([3.8.5](https://github.com/libarchive/libarchive/releases/tag/v3.8.5) (includes [3.8.4](https://github.com/libarchive/libarchive/releases/tag/v3.8.4), [3.8.3](https://github.com/libarchive/libarchive/releases/tag/v3.8.3), [3.8.2](https://github.com/libarchive/libarchive/releases/tag/v3.8.2))) - base, dev: libcap ([2.77](https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.mr55t4z9vzea)) - base, dev: libnftnl ([1.3.1](https://lwn.net/Articles/1049279/)) - base, dev: libnl ([3.11.0](https://lists.infradead.org/pipermail/libnl/2024-October/002441.html)) - base, dev: libnvme ([1.16.1](https://github.com/linux-nvme/libnvme/releases/tag/v1.16.1) (includes [1.16](https://github.com/linux-nvme/libnvme/releases/tag/v1.16))) - base, dev: libpcre2 ([10.47](https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.47)) - base, dev: libxml2 ([2.15.1](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.15.1) (includes [2.15.0](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.15.0))) - base, dev: nvme-cli ([2.16](https://github.com/linux-nvme/nvme-cli/releases/tag/v2.16)) - base, dev: pambase ([20251104](https://gitweb.gentoo.org/proj/pambase.git/log/?h=pambase-20251104)) - base, dev: readline ([8.3_p3](https://cgit.git.savannah.gnu.org/cgit/readline.git/log/?id=553d6bb272f26400d6d4d1cac7c1df84c447449b)) - base, dev: selinux-base ([2.20250618](https://github.com/SELinuxProject/refpolicy/releases/tag/RELEASE_2_20250618)) - base, dev: systemd ([257.10](https://github.com/systemd/systemd/commits/v257.10/)) - base, dev: thin-provisioning-tools ([1.3.1](https://raw.githubusercontent.com/device-mapper-utils/thin-provisioning-tools/refs/tags/v1.3.1/CHANGES)) - base, dev: usbutils ([019](https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbutils.git/plain/NEWS?h=v019)) - base, dev: userspace-rcu ([0.15.5](https://lwn.net/Articles/1046059/)) - base, dev: xfsprogs ([6.17.0](https://web.git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/plain/doc/CHANGES?h=v6.17.0)) - ca-certificates ([3.122](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_122.html) (includes [3.121](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_121.html))) - dev, sysext-incus: squashfs-tools ([4.7.4](https://github.com/plougher/squashfs-tools/releases?q=4.7.4)) - dev: bash-completion ([2.17.0](https://github.com/scop/bash-completion/releases/tag/2.17.0)) - dev: binutils ([2.45.1](https://sourceware.org/pipermail/binutils/2025-November/145592.html)) - dev: cJSON ([1.7.19](https://github.com/DaveGamble/cJSON/releases/tag/v1.7.19)) - dev: gcc-config ([2.12.2](https://gitweb.gentoo.org/proj/gcc-config.git/log/?h=v2.12.2)) - dev: portage ([3.0.72](https://gitweb.gentoo.org/proj/portage.git/plain/NEWS?h=portage-3.0.72) (includes [3.0.71](https://gitweb.gentoo.org/proj/portage.git/plain/NEWS?h=portage-3.0.71), [3.0.70](https://gitweb.gentoo.org/proj/portage.git/plain/NEWS?h=portage-3.0.70))) - sysext-containerd: containerd ([2.2.0](https://github.com/containerd/containerd/releases/tag/v2.2.0)) - sysext-containerd: runc ([1.4.0](https://github.com/opencontainers/runc/releases/tag/v1.4.0)) - sysext-docker: docker ([28.2.2](https://github.com/moby/moby/releases/tag/v28.2.2) (includes [28.2.1](https://github.com/moby/moby/releases/tag/v28.2.1), [28.2.0](https://github.com/moby/moby/releases/tag/v28.2.0), [28.1.1](https://github.com/moby/moby/releases/tag/v28.1.1), [28.1.0](https://github.com/moby/moby/releases/tag/v28.1.0))) - sysext-docker: docker-cli ([28.4.0](https://github.com/moby/moby/releases/tag/v28.4.0) (includes [28.3.0](https://github.com/moby/moby/releases/tag/v28.3.0), [28.2.0](https://github.com/moby/moby/releases/tag/v28.2.0), [28.1.0](https://github.com/moby/moby/releases/tag/v28.1.0))) - sysext-incus: incus ([6.0.5](https://discuss.linuxcontainers.org/t/incus-6-0-5-lts-has-been-released/24445)) - sysext-incus: lxc ([6.0.5](https://discuss.linuxcontainers.org/t/lxc-6-0-5-lts-has-been-released/24438)) - sysext-incus: lxcfs ([6.0.5](https://discuss.linuxcontainers.org/t/lxcfs-6-0-5-lts-has-been-released/24437)) - sysext-nvidia-drivers-570, sysext-nvidia-drivers-570-open: nvidia-drivers (570.207) - sysext-podman: containers-image ([5.35.0](https://github.com/containers/image/releases/tag/v5.35.0)) - sysext-podman: podman ([5.7.0](https://github.com/containers/podman/releases/tag/v5.7.0) (includes [5.6.0](https://github.com/containers/podman/releases/tag/v5.6.0))) - sysext-python: charset-normalizer ([3.4.4](https://github.com/jawah/charset_normalizer/releases/tag/3.4.4)) - sysext-python: idna ([3.11](https://github.com/kjd/idna/releases/tag/v3.11)) - sysext-python: msgpack ([1.1.2](https://github.com/msgpack/msgpack-python/releases/tag/v1.1.2)) - sysext-python: pip ([25.3](https://github.com/pypa/pip/blob/25.3/NEWS.rst)) - sysext-python: setuptools-scm ([9.2.2](https://github.com/pypa/setuptools-scm/releases/tag/v9.2.2)) - sysext-python: trove-classifiers ([2025.11.14.15](https://github.com/pypa/trove-classifiers/releases/tag/2025.11.14.15)) - sysext-zfs: zfs ([2.3.4](https://github.com/openzfs/zfs/releases/tag/zfs-2.3.4)) - systemd ([258.2](https://github.com/systemd/systemd/releases/tag/v258.2)) - vmware: open-vm-tools ([13.0.10](https://github.com/vmware/open-vm-tools/releases/tag/stable-13.0.10)) _Changes since **Alpha 4628.0.0**_ #### Security fixes: - Linux ([CVE-2026-31411](https://nvd.nist.gov/vuln/detail/CVE-2026-31411), [CVE-2026-23273](https://nvd.nist.gov/vuln/detail/CVE-2026-23273), [CVE-2026-23251](https://nvd.nist.gov/vuln/detail/CVE-2026-23251), [CVE-2026-23249](https://nvd.nist.gov/vuln/detail/CVE-2026-23249), [CVE-2026-23250](https://nvd.nist.gov/vuln/detail/CVE-2026-23250), [CVE-2025-71265](https://nvd.nist.gov/vuln/detail/CVE-2025-71265), [CVE-2026-23243](https://nvd.nist.gov/vuln/detail/CVE-2026-23243), [CVE-2026-23242](https://nvd.nist.gov/vuln/detail/CVE-2026-23242), [CVE-2025-71267](https://nvd.nist.gov/vuln/detail/CVE-2025-71267), [CVE-2025-71266](https://nvd.nist.gov/vuln/detail/CVE-2025-71266), [CVE-2025-71239](https://nvd.nist.gov/vuln/detail/CVE-2025-71239), [CVE-2026-23241](https://nvd.nist.gov/vuln/detail/CVE-2026-23241), [CVE-2026-23239](https://nvd.nist.gov/vuln/detail/CVE-2026-23239), [CVE-2026-23240](https://nvd.nist.gov/vuln/detail/CVE-2026-23240), [CVE-2026-23426](https://nvd.nist.gov/vuln/detail/CVE-2026-23426), [CVE-2026-23422](https://nvd.nist.gov/vuln/detail/CVE-2026-23422), [CVE-2026-23420](https://nvd.nist.gov/vuln/detail/CVE-2026-23420), [CVE-2026-23419](https://nvd.nist.gov/vuln/detail/CVE-2026-23419), [CVE-2026-23410](https://nvd.nist.gov/vuln/detail/CVE-2026-23410), [CVE-2026-23409](https://nvd.nist.gov/vuln/detail/CVE-2026-23409), [CVE-2026-23408](https://nvd.nist.gov/vuln/detail/CVE-2026-23408), [CVE-2026-23407](https://nvd.nist.gov/vuln/detail/CVE-2026-23407), [CVE-2026-23406](https://nvd.nist.gov/vuln/detail/CVE-2026-23406), [CVE-2026-23405](https://nvd.nist.gov/vuln/detail/CVE-2026-23405), [CVE-2026-23404](https://nvd.nist.gov/vuln/detail/CVE-2026-23404), [CVE-2026-23403](https://nvd.nist.gov/vuln/detail/CVE-2026-23403), [CVE-2026-23411](https://nvd.nist.gov/vuln/detail/CVE-2026-23411), [CVE-2026-23359](https://nvd.nist.gov/vuln/detail/CVE-2026-23359), [CVE-2026-23357](https://nvd.nist.gov/vuln/detail/CVE-2026-23357), [CVE-2026-23356](https://nvd.nist.gov/vuln/detail/CVE-2026-23356), [CVE-2026-23354](https://nvd.nist.gov/vuln/detail/CVE-2026-23354), [CVE-2026-23388](https://nvd.nist.gov/vuln/detail/CVE-2026-23388), [CVE-2026-23387](https://nvd.nist.gov/vuln/detail/CVE-2026-23387), [CVE-2026-23383](https://nvd.nist.gov/vuln/detail/CVE-2026-23383), [CVE-2026-23382](https://nvd.nist.gov/vuln/detail/CVE-2026-23382), [CVE-2026-23381](https://nvd.nist.gov/vuln/detail/CVE-2026-23381), [CVE-2026-23380](https://nvd.nist.gov/vuln/detail/CVE-2026-23380), [CVE-2026-23379](https://nvd.nist.gov/vuln/detail/CVE-2026-23379), [CVE-2026-23378](https://nvd.nist.gov/vuln/detail/CVE-2026-23378), [CVE-2026-23373](https://nvd.nist.gov/vuln/detail/CVE-2026-23373), [CVE-2026-23372](https://nvd.nist.gov/vuln/detail/CVE-2026-23372), [CVE-2026-23370](https://nvd.nist.gov/vuln/detail/CVE-2026-23370), [CVE-2026-23352](https://nvd.nist.gov/vuln/detail/CVE-2026-23352), [CVE-2026-23369](https://nvd.nist.gov/vuln/detail/CVE-2026-23369), [CVE-2026-23367](https://nvd.nist.gov/vuln/detail/CVE-2026-23367), [CVE-2026-23365](https://nvd.nist.gov/vuln/detail/CVE-2026-23365), [CVE-2026-23363](https://nvd.nist.gov/vuln/detail/CVE-2026-23363), [CVE-2026-23362](https://nvd.nist.gov/vuln/detail/CVE-2026-23362), [CVE-2026-23361](https://nvd.nist.gov/vuln/detail/CVE-2026-23361), [CVE-2026-23360](https://nvd.nist.gov/vuln/detail/CVE-2026-23360), [CVE-2026-23351](https://nvd.nist.gov/vuln/detail/CVE-2026-23351), [CVE-2026-23308](https://nvd.nist.gov/vuln/detail/CVE-2026-23308), [CVE-2026-23307](https://nvd.nist.gov/vuln/detail/CVE-2026-23307), [CVE-2026-23306](https://nvd.nist.gov/vuln/detail/CVE-2026-23306), [CVE-2026-23304](https://nvd.nist.gov/vuln/detail/CVE-2026-23304), [CVE-2026-23347](https://nvd.nist.gov/vuln/detail/CVE-2026-23347), [CVE-2026-23343](https://nvd.nist.gov/vuln/detail/CVE-2026-23343), [CVE-2026-23340](https://nvd.nist.gov/vuln/detail/CVE-2026-23340), [CVE-2026-23339](https://nvd.nist.gov/vuln/detail/CVE-2026-23339), [CVE-2026-23303](https://nvd.nist.gov/vuln/detail/CVE-2026-23303), [CVE-2026-23336](https://nvd.nist.gov/vuln/detail/CVE-2026-23336), [CVE-2026-23335](https://nvd.nist.gov/vuln/detail/CVE-2026-23335), [CVE-2026-23334](https://nvd.nist.gov/vuln/detail/CVE-2026-23334), [CVE-2026-23325](https://nvd.nist.gov/vuln/detail/CVE-2026-23325), [CVE-2026-23324](https://nvd.nist.gov/vuln/detail/CVE-2026-23324), [CVE-2026-23319](https://nvd.nist.gov/vuln/detail/CVE-2026-23319), [CVE-2026-23318](https://nvd.nist.gov/vuln/detail/CVE-2026-23318), [CVE-2026-23317](https://nvd.nist.gov/vuln/detail/CVE-2026-23317), [CVE-2026-23316](https://nvd.nist.gov/vuln/detail/CVE-2026-23316), [CVE-2026-23315](https://nvd.nist.gov/vuln/detail/CVE-2026-23315), [CVE-2026-23313](https://nvd.nist.gov/vuln/detail/CVE-2026-23313), [CVE-2026-23312](https://nvd.nist.gov/vuln/detail/CVE-2026-23312), [CVE-2026-23310](https://nvd.nist.gov/vuln/detail/CVE-2026-23310), [CVE-2026-23309](https://nvd.nist.gov/vuln/detail/CVE-2026-23309), [CVE-2026-23300](https://nvd.nist.gov/vuln/detail/CVE-2026-23300), [CVE-2026-23279](https://nvd.nist.gov/vuln/detail/CVE-2026-23279), [CVE-2026-23287](https://nvd.nist.gov/vuln/detail/CVE-2026-23287), [CVE-2026-23286](https://nvd.nist.gov/vuln/detail/CVE-2026-23286), [CVE-2026-23285](https://nvd.nist.gov/vuln/detail/CVE-2026-23285), [CVE-2026-23284](https://nvd.nist.gov/vuln/detail/CVE-2026-23284), [CVE-2026-23298](https://nvd.nist.gov/vuln/detail/CVE-2026-23298), [CVE-2026-23297](https://nvd.nist.gov/vuln/detail/CVE-2026-23297), [CVE-2026-23296](https://nvd.nist.gov/vuln/detail/CVE-2026-23296), [CVE-2026-23293](https://nvd.nist.gov/vuln/detail/CVE-2026-23293), [CVE-2026-23292](https://nvd.nist.gov/vuln/detail/CVE-2026-23292), [CVE-2026-23291](https://nvd.nist.gov/vuln/detail/CVE-2026-23291), [CVE-2026-23290](https://nvd.nist.gov/vuln/detail/CVE-2026-23290), [CVE-2026-23289](https://nvd.nist.gov/vuln/detail/CVE-2026-23289), [CVE-2026-23271](https://nvd.nist.gov/vuln/detail/CVE-2026-23271), [CVE-2026-23270](https://nvd.nist.gov/vuln/detail/CVE-2026-23270), [CVE-2026-23268](https://nvd.nist.gov/vuln/detail/CVE-2026-23268), [CVE-2026-23269](https://nvd.nist.gov/vuln/detail/CVE-2026-23269), [CVE-2026-23253](https://nvd.nist.gov/vuln/detail/CVE-2026-23253), [CVE-2026-23246](https://nvd.nist.gov/vuln/detail/CVE-2026-23246), [CVE-2026-23244](https://nvd.nist.gov/vuln/detail/CVE-2026-23244), [CVE-2026-31412](https://nvd.nist.gov/vuln/detail/CVE-2026-31412), [CVE-2026-31410](https://nvd.nist.gov/vuln/detail/CVE-2026-31410), [CVE-2026-31409](https://nvd.nist.gov/vuln/detail/CVE-2026-31409), [CVE-2026-31405](https://nvd.nist.gov/vuln/detail/CVE-2026-31405), [CVE-2026-31394](https://nvd.nist.gov/vuln/detail/CVE-2026-31394), [CVE-2026-31393](https://nvd.nist.gov/vuln/detail/CVE-2026-31393), [CVE-2026-31392](https://nvd.nist.gov/vuln/detail/CVE-2026-31392), [CVE-2026-31391](https://nvd.nist.gov/vuln/detail/CVE-2026-31391), [CVE-2026-31389](https://nvd.nist.gov/vuln/detail/CVE-2026-31389), [CVE-2026-23475](https://nvd.nist.gov/vuln/detail/CVE-2026-23475), [CVE-2026-23474](https://nvd.nist.gov/vuln/detail/CVE-2026-23474), [CVE-2026-31403](https://nvd.nist.gov/vuln/detail/CVE-2026-31403), [CVE-2026-31402](https://nvd.nist.gov/vuln/detail/CVE-2026-31402), [CVE-2026-31401](https://nvd.nist.gov/vuln/detail/CVE-2026-31401), [CVE-2026-31400](https://nvd.nist.gov/vuln/detail/CVE-2026-31400), [CVE-2026-31399](https://nvd.nist.gov/vuln/detail/CVE-2026-31399), [CVE-2026-31396](https://nvd.nist.gov/vuln/detail/CVE-2026-31396), [CVE-2026-23446](https://nvd.nist.gov/vuln/detail/CVE-2026-23446), [CVE-2026-23445](https://nvd.nist.gov/vuln/detail/CVE-2026-23445), [CVE-2026-23443](https://nvd.nist.gov/vuln/detail/CVE-2026-23443), [CVE-2026-23441](https://nvd.nist.gov/vuln/detail/CVE-2026-23441), [CVE-2026-23471](https://nvd.nist.gov/vuln/detail/CVE-2026-23471), [CVE-2026-23470](https://nvd.nist.gov/vuln/detail/CVE-2026-23470), [CVE-2026-23440](https://nvd.nist.gov/vuln/detail/CVE-2026-23440), [CVE-2026-23466](https://nvd.nist.gov/vuln/detail/CVE-2026-23466), [CVE-2026-23465](https://nvd.nist.gov/vuln/detail/CVE-2026-23465), [CVE-2026-23464](https://nvd.nist.gov/vuln/detail/CVE-2026-23464), [CVE-2026-23463](https://nvd.nist.gov/vuln/detail/CVE-2026-23463), [CVE-2026-23462](https://nvd.nist.gov/vuln/detail/CVE-2026-23462), [CVE-2026-23461](https://nvd.nist.gov/vuln/detail/CVE-2026-23461), [CVE-2026-23460](https://nvd.nist.gov/vuln/detail/CVE-2026-23460), [CVE-2026-23458](https://nvd.nist.gov/vuln/detail/CVE-2026-23458), [CVE-2026-23457](https://nvd.nist.gov/vuln/detail/CVE-2026-23457), [CVE-2026-23439](https://nvd.nist.gov/vuln/detail/CVE-2026-23439), [CVE-2026-23456](https://nvd.nist.gov/vuln/detail/CVE-2026-23456), [CVE-2026-23455](https://nvd.nist.gov/vuln/detail/CVE-2026-23455), [CVE-2026-23454](https://nvd.nist.gov/vuln/detail/CVE-2026-23454), [CVE-2026-23452](https://nvd.nist.gov/vuln/detail/CVE-2026-23452), [CVE-2026-23450](https://nvd.nist.gov/vuln/detail/CVE-2026-23450), [CVE-2026-23449](https://nvd.nist.gov/vuln/detail/CVE-2026-23449), [CVE-2026-23448](https://nvd.nist.gov/vuln/detail/CVE-2026-23448), [CVE-2026-23447](https://nvd.nist.gov/vuln/detail/CVE-2026-23447), [CVE-2026-23438](https://nvd.nist.gov/vuln/detail/CVE-2026-23438), [CVE-2026-23434](https://nvd.nist.gov/vuln/detail/CVE-2026-23434), [CVE-2026-23427](https://nvd.nist.gov/vuln/detail/CVE-2026-23427), [CVE-2026-23428](https://nvd.nist.gov/vuln/detail/CVE-2026-23428), [CVE-2026-23413](https://nvd.nist.gov/vuln/detail/CVE-2026-23413), [CVE-2026-23412](https://nvd.nist.gov/vuln/detail/CVE-2026-23412), [CVE-2026-23399](https://nvd.nist.gov/vuln/detail/CVE-2026-23399), [CVE-2026-23398](https://nvd.nist.gov/vuln/detail/CVE-2026-23398), [CVE-2026-23396](https://nvd.nist.gov/vuln/detail/CVE-2026-23396), [CVE-2026-23397](https://nvd.nist.gov/vuln/detail/CVE-2026-23397), [CVE-2026-23391](https://nvd.nist.gov/vuln/detail/CVE-2026-23391), [CVE-2026-23395](https://nvd.nist.gov/vuln/detail/CVE-2026-23395), [CVE-2026-23393](https://nvd.nist.gov/vuln/detail/CVE-2026-23393), [CVE-2026-23392](https://nvd.nist.gov/vuln/detail/CVE-2026-23392), [CVE-2026-23386](https://nvd.nist.gov/vuln/detail/CVE-2026-23386), [CVE-2026-23375](https://nvd.nist.gov/vuln/detail/CVE-2026-23375), [CVE-2026-23368](https://nvd.nist.gov/vuln/detail/CVE-2026-23368), [CVE-2026-23364](https://nvd.nist.gov/vuln/detail/CVE-2026-23364), [CVE-2026-23321](https://nvd.nist.gov/vuln/detail/CVE-2026-23321), [CVE-2026-23281](https://nvd.nist.gov/vuln/detail/CVE-2026-23281), [CVE-2026-31788](https://nvd.nist.gov/vuln/detail/CVE-2026-31788), [CVE-2024-57946](https://nvd.nist.gov/vuln/detail/CVE-2024-57946), [CVE-2024-57807](https://nvd.nist.gov/vuln/detail/CVE-2024-57807), [CVE-2024-57806](https://nvd.nist.gov/vuln/detail/CVE-2024-57806), [CVE-2024-57805](https://nvd.nist.gov/vuln/detail/CVE-2024-57805), [CVE-2024-57804](https://nvd.nist.gov/vuln/detail/CVE-2024-57804), [CVE-2024-57800](https://nvd.nist.gov/vuln/detail/CVE-2024-57800), [CVE-2024-57799](https://nvd.nist.gov/vuln/detail/CVE-2024-57799), [CVE-2024-57798](https://nvd.nist.gov/vuln/detail/CVE-2024-57798), [CVE-2024-57792](https://nvd.nist.gov/vuln/detail/CVE-2024-57792), [CVE-2024-57793](https://nvd.nist.gov/vuln/detail/CVE-2024-57793), [CVE-2024-56757](https://nvd.nist.gov/vuln/detail/CVE-2024-56757), [CVE-2024-56766](https://nvd.nist.gov/vuln/detail/CVE-2024-56766), [CVE-2024-56765](https://nvd.nist.gov/vuln/detail/CVE-2024-56765), [CVE-2024-56764](https://nvd.nist.gov/vuln/detail/CVE-2024-56764), [CVE-2024-56763](https://nvd.nist.gov/vuln/detail/CVE-2024-56763), [CVE-2024-56762](https://nvd.nist.gov/vuln/detail/CVE-2024-56762), [CVE-2024-56761](https://nvd.nist.gov/vuln/detail/CVE-2024-56761), [CVE-2024-56760](https://nvd.nist.gov/vuln/detail/CVE-2024-56760), [CVE-2024-56759](https://nvd.nist.gov/vuln/detail/CVE-2024-56759), [CVE-2024-56769](https://nvd.nist.gov/vuln/detail/CVE-2024-56769), [CVE-2024-56768](https://nvd.nist.gov/vuln/detail/CVE-2024-56768), [CVE-2024-56767](https://nvd.nist.gov/vuln/detail/CVE-2024-56767), [CVE-2024-56758](https://nvd.nist.gov/vuln/detail/CVE-2024-56758), [CVE-2026-31428](https://nvd.nist.gov/vuln/detail/CVE-2026-31428), [CVE-2026-31427](https://nvd.nist.gov/vuln/detail/CVE-2026-31427), [CVE-2026-31426](https://nvd.nist.gov/vuln/detail/CVE-2026-31426), [CVE-2026-31413](https://nvd.nist.gov/vuln/detail/CVE-2026-31413), [CVE-2026-31408](https://nvd.nist.gov/vuln/detail/CVE-2026-31408), [CVE-2026-31406](https://nvd.nist.gov/vuln/detail/CVE-2026-31406), [CVE-2026-23417](https://nvd.nist.gov/vuln/detail/CVE-2026-23417), [CVE-2026-23414](https://nvd.nist.gov/vuln/detail/CVE-2026-23414), [CVE-2026-31425](https://nvd.nist.gov/vuln/detail/CVE-2026-31425), [CVE-2026-31424](https://nvd.nist.gov/vuln/detail/CVE-2026-31424), [CVE-2026-31423](https://nvd.nist.gov/vuln/detail/CVE-2026-31423), [CVE-2026-31422](https://nvd.nist.gov/vuln/detail/CVE-2026-31422), [CVE-2026-31421](https://nvd.nist.gov/vuln/detail/CVE-2026-31421), [CVE-2026-31414](https://nvd.nist.gov/vuln/detail/CVE-2026-31414), [CVE-2026-31418](https://nvd.nist.gov/vuln/detail/CVE-2026-31418), [CVE-2026-31417](https://nvd.nist.gov/vuln/detail/CVE-2026-31417), [CVE-2026-31416](https://nvd.nist.gov/vuln/detail/CVE-2026-31416), [CVE-2026-31415](https://nvd.nist.gov/vuln/detail/CVE-2026-31415)) #### Bug fixes: - Fixed loading Ignition config from the initrd with `ignition.config.url=oem:///myconf.ign`. This was broken since moving to the minimal initrd. ([scripts#3853](https://github.com/flatcar/scripts/pull/3853)) - Restored the ability to customize PXE images with OEM data. This was broken since moving to the minimal initrd. ([Flatcar#2023](https://github.com/flatcar/Flatcar/issues/2023)) #### Updates: - Linux ([6.12.81](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.81) (includes [6.12.80](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.80), [6.12.79](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.79), [6.12.78](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.78), [6.12.77](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.77), [6.12.76](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.76), [6.12.75](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v6.12.75))) - ca-certificates ([3.122](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_122.html) (includes [3.121](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_121.html))) ### Stable 4593.2.0 _Changes since **Stable 4459.2.4**_ #### Security fixes: - Linux ([CVE-2026-31411](https://nvd.nist.gov/vuln/detail/CVE-2026-31411), [CVE-2026-23273](https://nvd.nist.gov/vuln/detail/CVE-2026-23273), [CVE-2026-23251](https://nvd.nist.gov/vuln/detail/CVE-2026-23251), [CVE-2026-23249](https://nvd.nist.gov/vuln/detail/CVE-2026-23249), [CVE-2026-23250](https://nvd.nist.gov/vuln/detail/CVE-2026-23250), [CVE-2025-71265](https://nvd.nist.gov/vuln/detail/CVE-2025-71265), [CVE-2026-23243](https://nvd.nist.gov/vuln/detail/CVE-2026-23243), [CVE-2026-23242](https://nvd.nist.gov/vuln/detail/CVE-2026-23242), [CVE-2025-71267](https://nvd.nist.gov/vuln/detail/CVE-2025-71267), [CVE-2025-71266](https://nvd.nist.gov/vuln/detail/CVE-2025-71266), [CVE-2025-71239](https://nvd.nist.gov/vuln/detail/CVE-2025-71239), [CVE-2026-23241](https://nvd.nist.gov/vuln/detail/CVE-2026-23241), [CVE-2026-23239](https://nvd.nist.gov/vuln/detail/CVE-2026-23239), [CVE-2026-23240](https://nvd.nist.gov/vuln/detail/CVE-2026-23240), [CVE-2026-23426](https://nvd.nist.gov/vuln/detail/CVE-2026-23426), [CVE-2026-23422](https://nvd.nist.gov/vuln/detail/CVE-2026-23422), [CVE-2026-23420](https://nvd.nist.gov/vuln/detail/CVE-2026-23420), [CVE-2026-23419](https://nvd.nist.gov/vuln/detail/CVE-2026-23419), [CVE-2026-23410](https://nvd.nist.gov/vuln/detail/CVE-2026-23410), [CVE-2026-23409](https://nvd.nist.gov/vuln/detail/CVE-2026-23409), [CVE-2026-23408](https://nvd.nist.gov/vuln/detail/CVE-2026-23408), [CVE-2026-23407](https://nvd.nist.gov/vuln/detail/CVE-2026-23407), [CVE-2026-23406](https://nvd.nist.gov/vuln/detail/CVE-2026-23406), [CVE-2026-23405](https://nvd.nist.gov/vuln/detail/CVE-2026-23405), [CVE-2026-23404](https://nvd.nist.gov/vuln/detail/CVE-2026-23404), [CVE-2026-23403](https://nvd.nist.gov/vuln/detail/CVE-2026-23403), [CVE-2026-23411](https://nvd.nist.gov/vuln/detail/CVE-2026-23411), [CVE-2026-23359](https://nvd.nist.gov/vuln/detail/CVE-2026-23359), [CVE-2026-23357](https://nvd.nist.gov/vuln/detail/CVE-2026-23357), [CVE-2026-23356](https://nvd.nist.gov/vuln/detail/CVE-2026-23356), [CVE-2026-23354](https://nvd.nist.gov/vuln/detail/CVE-2026-23354), [CVE-2026-23388](https://nvd.nist.gov/vuln/detail/CVE-2026-23388), [CVE-2026-23387](https://nvd.nist.gov/vuln/detail/CVE-2026-23387), [CVE-2026-23383](https://nvd.nist.gov/vuln/detail/CVE-2026-23383), [CVE-2026-23382](https://nvd.nist.gov/vuln/detail/CVE-2026-23382), [CVE-2026-23381](https://nvd.nist.gov/vuln/detail/CVE-2026-23381), [CVE-2026-23380](https://nvd.nist.gov/vuln/detail/CVE-2026-23380), [CVE-2026-23379](https://nvd.nist.gov/vuln/detail/CVE-2026-23379), [CVE-2026-23378](https://nvd.nist.gov/vuln/detail/CVE-2026-23378), [CVE-2026-23373](https://nvd.nist.gov/vuln/detail/CVE-2026-23373), [CVE-2026-23372](https://nvd.nist.gov/vuln/detail/CVE-2026-23372), [CVE-2026-23370](https://nvd.nist.gov/vuln/detail/CVE-2026-23370), [CVE-2026-23352](https://nvd.nist.gov/vuln/detail/CVE-2026-23352), [CVE-2026-23369](https://nvd.nist.gov/vuln/detail/CVE-2026-23369), [CVE-2026-23367](https://nvd.nist.gov/vuln/detail/CVE-2026-23367), [CVE-2026-23365](https://nvd.nist.gov/vuln/detail/CVE-2026-23365), [CVE-2026-23363](https://nvd.nist.gov/vuln/detail/CVE-2026-23363), [CVE-2026-23362](https://nvd.nist.gov/vuln/detail/CVE-2026-23362), [CVE-2026-23361](https://nvd.nist.gov/vuln/detail/CVE-2026-23361), [CVE-2026-23360](https://nvd.nist.gov/vuln/detail/CVE-2026-23360), [CVE-2026-23351](https://nvd.nist.gov/vuln/detail/CVE-2026-23351), [CVE-2026-23308](https://nvd.nist.gov/vuln/detail/CVE-2026-23308), [CVE-2026-23307](https://nvd.nist.gov/vuln/detail/CVE-2026-23307), [CVE-2026-23306](https://nvd.nist.gov/vuln/detail/CVE-2026-23306), [CVE-2026-23304](https://nvd.nist.gov/vuln/detail/CVE-2026-23304), [CVE-2026-23347](https://nvd.nist.gov/vuln/detail/CVE-2026-23347), [CVE-2026-23343](https://nvd.nist.gov/vuln/detail/CVE-2026-23343), [CVE-2026-23340](https://nvd.nist.gov/vuln/detail/CVE-2026-23340), [CVE-2026-23339](https://nvd.nist.gov/vuln/detail/CVE-2026-23339), [CVE-2026-23303](https://nvd.nist.gov/vuln/detail/CVE-2026-23303), [CVE-2026-23336](https://nvd.nist.gov/vuln/detail/CVE-2026-23336), [CVE-2026-23335](https://nvd.nist.gov/vuln/detail/CVE-2026-23335), [CVE-2026-23334](https://nvd.nist.gov/vuln/detail/CVE-2026-23334), [CVE-2026-23325](https://nvd.nist.gov/vuln/detail/CVE-2026-23325), [CVE-2026-23324](https://nvd.nist.gov/vuln/detail/CVE-2026-23324), [CVE-2026-23319](https://nvd.nist.gov/vuln/detail/CVE-2026-23319), [CVE-2026-23318](https://nvd.nist.gov/vuln/detail/CVE-2026-23318), [CVE-2026-23317](https://nvd.nist.gov/vuln/detail/CVE-2026-23317), [CVE-2026-23316](https://nvd.nist.gov/vuln/detail/CVE-2026-23316), [CVE-2026-23315](https://nvd.nist.gov/vuln/detail/CVE-2026-23315), [CVE-2026-23313](https://nvd.nist.gov/vuln/detail/CVE-2026-23313), [CVE-2026-23312](https://nvd.nist.gov/vuln/detail/CVE-2026-23312), [CVE-2026-23310](https://nvd.nist.gov/vuln/detail/CVE-2026-23310), [CVE-2026-23309](https://nvd.nist.gov/vuln/detail/CVE-2026-23309), [CVE-2026-23300](https://nvd.nist.gov/vuln/detail/CVE-2026-23300), [CVE-2026-23279](https://nvd.nist.gov/vuln/detail/CVE-2026-23279), [CVE-2026-23287](https://nvd.nist.gov/vuln/detail/CVE-2026-23287), [CVE-2026-23286](https://nvd.nist.gov/vuln/detail/CVE-2026-23286), [CVE-2026-23285](https://nvd.nist.gov/vuln/detail/CVE-2026-23285), [CVE-2026-23284](https://nvd.nist.gov/vuln/detail/CVE-2026-23284), [CVE-2026-23298](https://nvd.nist.gov/vuln/detail/CVE-2026-23298), [CVE-2026-23297](https://nvd.nist.gov/vuln/detail/CVE-2026-23297), [CVE-2026-23296](https://nvd.nist.gov/vuln/detail/CVE-2026-23296), [CVE-2026-23293](https://nvd.nist.gov/vuln/detail/CVE-2026-23293), [CVE-2026-23292](https://nvd.nist.gov/vuln/detail/CVE-2026-23292), [CVE-2026-23291](https://nvd.nist.gov/vuln/detail/CVE-2026-23291), [CVE-2026-23290](https://nvd.nist.gov/vuln/detail/CVE-2026-23290), [CVE-2026-23289](https://nvd.nist.gov/vuln/detail/CVE-2026-23289), [CVE-2026-23271](https://nvd.nist.gov/vuln/detail/CVE-2026-23271), [CVE-2026-23270](https://nvd.nist.gov/vuln/detail/CVE-2026-23270), [CVE-2026-23268](https://nvd.nist.gov/vuln/detail/CVE-2026-23268), [CVE-2026-23269](https://nvd.nist.gov/vuln/detail/CVE-2026-23269), [CVE-2026-23253](https://nvd.nist.gov/vuln/detail/CVE-2026-23253), [CVE-2026-23246](https://nvd.nist.gov/vuln/detail/CVE-2026-23246), [CVE-2026-23244](https://nvd.nist.gov/vuln/detail/CVE-2026-23244), [CVE-2026-31412](https://nvd.nist.gov/vuln/detail/CVE-2026-31412), [CVE-2026-31410](https://nvd.nist.gov/vuln/detail/CVE-2026-31410), [CVE-2026-31409](https://nvd.nist.gov/vuln/detail/CVE-2026-31409), [CVE-2026-31405](https://nvd.nist.gov/vuln/detail/CVE-2026-31405), [CVE-2026-31394](https://nvd.nist.gov/vuln/detail/CVE-2026-31394), [CVE-2026-31393](https://nvd.nist.gov/vuln/detail/CVE-2026-31393), [CVE-2026-31392](https://nvd.nist.gov/vuln/detail/CVE-2026-31392), [CVE-2026-31391](https://nvd.nist.gov/vuln/detail/CVE-2026-31391), [CVE-2026-31389](https://nvd.nist.gov/vuln/detail/CVE-2026-31389), [CVE-2026-23475](https://nvd.nist.gov/vuln/detail/CVE-2026-23475), [CVE-2026-23474](https://nvd.nist.gov/vuln/detail/CVE-2026-23474), [CVE-2026-31403](https://nvd.nist.gov/vuln/detail/CVE-2026-31403), [CVE-2026-31402](https://nvd.nist.gov/vuln/detail/CVE-2026-31402), [CVE-2026-31401](https://nvd.nist.gov/vuln/detail/CVE-2026-31401), [CVE-2026-31400](https://nvd.nist.gov/vuln/detail/CVE-2026-31400), [CVE-2026-31399](https://nvd.nist.gov/vuln/detail/CVE-2026-31399), [CVE-2026-31396](https://nvd.nist.gov/vuln/detail/CVE-2026-31396), [CVE-2026-23446](https://nvd.nist.gov/vuln/detail/CVE-2026-23446), [CVE-2026-23445](https://nvd.nist.gov/vuln/detail/CVE-2026-23445), [CVE-2026-23443](https://nvd.nist.gov/vuln/detail/CVE-2026-23443), [CVE-2026-23441](https://nvd.nist.gov/vuln/detail/CVE-2026-23441), [CVE-2026-23471](https://nvd.nist.gov/vuln/detail/CVE-2026-23471), [CVE-2026-23470](https://nvd.nist.gov/vuln/detail/CVE-2026-23470), [CVE-2026-23440](https://nvd.nist.gov/vuln/detail/CVE-2026-23440), [CVE-2026-23466](https://nvd.nist.gov/vuln/detail/CVE-2026-23466), [CVE-2026-23465](https://nvd.nist.gov/vuln/detail/CVE-2026-23465), [CVE-2026-23464](https://nvd.nist.gov/vuln/detail/CVE-2026-23464), [CVE-2026-23463](https://nvd.nist.gov/vuln/detail/CVE-2026-23463), [CVE-2026-23462](https://nvd.nist.gov/vuln/detail/CVE-2026-23462), [CVE-2026-23461](https://nvd.nist.gov/vuln/detail/CVE-2026-23461), [CVE-2026-23460](https://nvd.nist.gov/vuln/detail/CVE-2026-23460), [CVE-2026-23458](https://nvd.nist.gov/vuln/detail/CVE-2026-23458), [CVE-2026-23457](https://nvd.nist.gov/vuln/detail/CVE-2026-23457), [CVE-2026-23439](https://nvd.nist.gov/vuln/detail/CVE-2026-23439), [CVE-2026-23456](https://nvd.nist.gov/vuln/detail/CVE-2026-23456), [CVE-2026-23455](https://nvd.nist.gov/vuln/detail/CVE-2026-23455), [CVE-2026-23454](https://nvd.nist.gov/vuln/detail/CVE-2026-23454), [CVE-2026-23452](https://nvd.nist.gov/vuln/detail/CVE-2026-23452), [CVE-2026-23450](https://nvd.nist.gov/vuln/detail/CVE-2026-23450), [CVE-2026-23449](https://nvd.nist.gov/vuln/detail/CVE-2026-23449), [CVE-2026-23448](https://nvd.nist.gov/vuln/detail/CVE-2026-23448), [CVE-2026-23447](https://nvd.nist.gov/vuln/detail/CVE-2026-23447), [CVE-2026-23438](https://nvd.nist.gov/vuln/detail/CVE-2026-23438), [CVE-2026-23434](https://nvd.nist.gov/vuln/detail/CVE-2026-23434), [CVE-2026-23427](https://nvd.nist.gov/vuln/detail/CVE-2026-23427), [CVE-2026-23428](https://nvd.nist.gov/vuln/detail/CVE-2026-23428), [CVE-2026-23413](https://nvd.nist.gov/vuln/detail/CVE-2026-23413), [CVE-2026-23412](https://nvd.nist.gov/vuln/detail/CVE-2026-23412), [CVE-2026-23399](https://nvd.nist.gov/vuln/detail/CVE-2026-23399), [CVE-2026-23398](https://nvd.nist.gov/vuln/detail/CVE-2026-23398), [CVE-2026-23396](https://nvd.nist.gov/vuln/detail/CVE-2026-23396), [CVE-2026-23397](https://nvd.nist.gov/vuln/detail/CVE-2026-23397), [CVE-2026-23391](https://nvd.nist.gov/vuln/detail/CVE-2026-23391), [CVE-2026-23395](https://nvd.nist.gov/vuln/detail/CVE-2026-23395), [CVE-2026-23393](https://nvd.nist.gov/vuln/detail/CVE-2026-23393), [CVE-2026-23392](https://nvd.nist.gov/vuln/detail/CVE-2026-23392), [CVE-2026-23386](https://nvd.nist.gov/vuln/detail/CVE-2026-23386), [CVE-2026-23375](https://nvd.nist.gov/vuln/detail/CVE-2026-23375), [CVE-2026-23368](https://nvd.nist.gov/vuln/detail/CVE-2026-23368), [CVE-2026-23364](https://nvd.nist.gov/vuln/detail/CVE-2026-23364), [CVE-2026-23321](https://nvd.nist.gov/vuln/detail/CVE-2026-23321), [CVE-2026-23281](https://nvd.nist.gov/vuln/detail/CVE-2026-23281), [CVE-2026-31788](https://nvd.nist.gov/vuln/detail/CVE-2026-31788), [CVE-2024-57946](https://nvd.nist.gov/vuln/detail/CVE-2024-57946), [CVE-2024-57807](https://nvd.nist.gov/vuln/detail/CVE-2024-57807), [CVE-2024-57806](https://nvd.nist.gov/vuln/detail/CVE-2024-57806), [CVE-2024-57805](https://nvd.nist.gov/vuln/detail/CVE-2024-57805), [CVE-2024-57804](https://nvd.nist.gov/vuln/detail/CVE-2024-57804), [CVE-2024-57800](https://nvd.nist.gov/vuln/detail/CVE-2024-57800), [CVE-2024-57799](https://nvd.nist.gov/vuln/detail/CVE-2024-57799), [CVE-2024-57798](https://nvd.nist.gov/vuln/detail/CVE-2024-57798), [CVE-2024-57792](https://nvd.nist.gov/vuln/detail/CVE-2024-57792), [CVE-2024-57793](https://nvd.nist.gov/vuln/detail/CVE-2024-57793), [CVE-2024-56757](https://nvd.nist.gov/vuln/detail/CVE-2024-56757), [CVE-2024-56766](https://nvd.nist.gov/vuln/detail/CVE-2024-56766), [CVE-2024-56765](https://nvd.nist.gov/vuln/detail/CVE-2024-56765), [CVE-2024-56764](https://nvd.nist.gov/vuln/detail/CVE-2024-56764), [CVE-2024-56763](https://nvd.nist.gov/vuln/detail/CVE-2024-56763), [CVE-2024-56762](https://nvd.nist.gov/vuln/detail/CVE-2024-56762), [CVE-2024-56761](https://nvd.nist.gov/vuln/detail/CVE-2024-56761), [CVE-2024-56760](https://nvd.nist.gov/vuln/detail/CVE-2024-56760), [CVE-2024-56759](https://nvd.nist.gov/vuln/detail/CVE-2024-56759), [CVE-2024-56769](https://nvd.nist.gov/vuln/detail/CVE-2024-56769), [CVE-2024-56768](https://nvd.nist.gov/vuln/detail/CVE-2024-56768), [CVE-2024-56767](https://nvd.nist.gov/vuln/detail/CVE-2024-56767), [CVE-2024-56758](https://nvd.nist.gov/vuln/detail/CVE-2024-56758), [CVE-2026-31428](https://nvd.nist.gov/vuln/detail/CVE-2026-31428), [CVE-2026-31427](https://nvd.nist.gov/vuln/detail/CVE-2026-31427), [CVE-2026-31426](https://nvd.nist.gov/vuln/detail/CVE-2026-31426), [CVE-2026-31413](https://nvd.nist.gov/vuln/detail/CVE-2026-31413), [CVE-2026-31408](https://nvd.nist.gov/vuln/detail/CVE-2026-31408), [CVE-2026-31406](https://nvd.nist.gov/vuln/detail/CVE-2026-31406), [CVE-2026-23417](https://nvd.nist.gov/vuln/detail/CVE-2026-23417), [CVE-2026-23414](https://nvd.nist.gov/vuln/detail/CVE-2026-23414), [CVE-2026-31425](https://nvd.nist.gov/vuln/detail/CVE-2026-31425), [CVE-2026-31424](https://nvd.nist.gov/vuln/detail/CVE-2026-31424), [CVE-2026-31423](https://nvd.nist.gov/vuln/detail/CVE-2026-31423), [CVE-2026-31422](https://nvd.nist.gov/vuln/detail/CVE-2026-31422), [CVE-2026-31421](https://nvd.nist.gov/vuln/detail/CVE-2026-31421), [CVE-2026-31414](https://nvd.nist.gov/vuln/detail/CVE-2026-31414), [CVE-2026-31418](https://nvd.nist.gov/vuln/detail/CVE-2026-31418), [CVE-2026-31417](https://nvd.nist.gov/vuln/detail/CVE-2026-31417), [CVE-2026-31416](https://nvd.nist.gov/vuln/detail/CVE-2026-31416), [CVE-2026-31415](https://nvd.nist.gov/vuln/detail/CVE-2026-31415)) - binutils ([CVE-2025-5244](https://www.cve.org/CVERecord?id=CVE-2025-5244), [CVE-2025-5245](https://www.cve.org/CVERecord?id=CVE-2025-5245) [CVE-2025-8225](https://www.cve.org/CVERecord?id=CVE-2025-8225)) - coreutils ([CVE-2025-5278](https://www.cve.org/CVERecord?id=CVE-2025-5278)) - curl ([CVE-2025-9086](https://www.cve.org/CVERecord?id=CVE-2025-9086), [CVE-2025-10148](https://www.cve.org/CVERecord?id=CVE-2025-10148)) - expat ([CVE-2025-59375](https://www.cve.org/CVERecord?id=CVE-2025-59375)) - gnupg ([CVE-2025-68972](https://www.cve.org/CVERecord/?id=CVE-2025-68972), [CVE-2025-68973](https://www.cve.org/CVERecord/?id=CVE-2025-68973), [gnupg-20251228-notdash](https://gpg.fail/notdash)) - go ([CVE-2025-47910](https://www.cve.org/CVERecord?id=CVE-2025-47910), [CVE-2025-47912](https://www.cve.org/CVERecord?id=CVE-2025-47912), [CVE-2025-58183](https://www.cve.org/CVERecord?id=CVE-2025-58183), [CVE-2025-58185](https://www.cve.org/CVERecord?id=CVE-2025-58185), [CVE-2025-58186](https://www.cve.org/CVERecord?id=CVE-2025-58186), [CVE-2025-58187](https://www.cve.org/CVERecord?id=CVE-2025-58187), [CVE-2025-58188](https://www.cve.org/CVERecord?id=CVE-2025-58188), [CVE-2025-58189](https://www.cve.org/CVERecord?id=CVE-2025-58189), [CVE-2025-61723](https://www.cve.org/CVERecord?id=CVE-2025-61723), [CVE-2025-61724](https://www.cve.org/CVERecord?id=CVE-2025-61724), [CVE-2025-61725](https://www.cve.org/CVERecord?id=CVE-2025-61725)) - intel-microcode ([CVE-2024-28956](https://www.cve.org/CVERecord?id=CVE-2024-28956), [CVE-2024-43420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43420), [CVE-2024-45332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45332), [CVE-2025-20012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20012), [CVE-2025-20054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20054), [CVE-2025-20103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20103), [CVE-2025-20623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20623), [CVE-2025-24495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24495), [CVE-2025-20053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20053), [CVE-2025-20109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20109), [CVE-2025-22839](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22839), [CVE-2025-22840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22840), [CVE-2025-22889](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22889), [CVE-2025-26403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26403)) - libpcre2 ([CVE-2025-58050](https://www.cve.org/CVERecord?id=CVE-2025-58050)) - libxml2 ([libxml2-20250908](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.9)) - libxslt ([CVE-2025-7424](https://www.cve.org/CVERecord?id=CVE-2025-7424), [CVE-2025-7425](https://www.cve.org/CVERecord?id=CVE-2025-7425)) - net-tools ([CVE-2025-46836](https://www.cve.org/CVERecord?id=CVE-2025-46836)) - nvidia-drivers ([CVE-2025-23280](https://www.cve.org/CVERecord?id=CVE-2025-23280), [CVE-2025-23282](https://www.cve.org/CVERecord?id=CVE-2025-23282), [CVE-2025-23300](https://www.cve.org/CVERecord?id=CVE-2025-23300), [CVE-2025-23330](https://www.cve.org/CVERecord?id=CVE-2025-23330), [CVE-2025-23332](https://www.cve.org/CVERecord?id=CVE-2025-23332), [CVE-2025-23345](https://www.cve.org/CVERecord?id=CVE-2025-23345)) - openssh ([CVE-2025-61984](https://www.cve.org/CVERecord?id=CVE-2025-61984), [CVE-2025-61985](https://www.cve.org/CVERecord?id=CVE-2025-61985)) - openssl ([CVE-2025-9230](https://www.cve.org/CVERecord?id=CVE-2025-9230), [CVE-2025-9231](https://www.cve.org/CVERecord?id=CVE-2025-9231), [CVE-2025-9232](https://www.cve.org/CVERecord?id=CVE-2025-9232)) - pam ([CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365), [CVE-2024-10041](https://nvd.nist.gov/vuln/detail/CVE-2024-10041), [CVE-2024-10963](https://nvd.nist.gov/vuln/detail/CVE-2024-10963), [CVE-2025-6020](https://nvd.nist.gov/vuln/detail/CVE-2025-6020)) #### Bug fixes: - Alpha only: Added Fusion SCSI disk drivers back to the initrd after they got lost in the rework ([Flatcar#1924](https://github.com/flatcar/Flatcar/issues/1924)) - Alpha only: Fixed systemd-sysext payload handling for air-gapped/self-hosted updates which was a known bug for 4487.0.0 ([ue-rs#93](https://github.com/flatcar/ue-rs/pull/93)) - Configured the services in the overlaybd sysext to start automatically like the other sysexts. Note that the sysext must be enabled at boot time for this to happen, otherwise you need to call `systemd-tmpfiles --create` and `systemctl daemon-reload` first. - Dropped debug symbols from containerd, incus, and overlaybd system extensions to reduce download size. - Enabled back PAM sssd support for LDAP authentication ([scripts#3696](https://github.com/flatcar/scripts/pull/3696)) - Fixed SSSD startup failure by adding back LDB modules into the image, which got lost after a Samba update ([Flatcar#1919](https://github.com/flatcar/Flatcar/issues/1919)) - Fixed a kernel boot warning when loading an explicit list of kernel modules in the minimal first-stage initrd ([Flatcar#1934](https://github.com/flatcar/Flatcar/issues/1934)) - Fixed loading Ignition config from the initrd with `ignition.config.url=oem:///myconf.ign`. This was broken since moving to the minimal initrd. ([scripts#3853](https://github.com/flatcar/scripts/pull/3853)) - Restored the ability to customize PXE images with OEM data. This was broken since moving to the minimal initrd. ([Flatcar#2023](https://github.com/flatcar/Flatcar/issues/2023)) #### Changes: - Added support for the kernel cmdline parameters `flatcar.release_file_server_url` and `flatcar.dev_file_server_url` to specify custom servers where Flatcar extensions should be downloaded on boot ([bootengine#112](https://github.com/flatcar/bootengine/pull/112)) - Alpha only: Reduced Azure image size again to 30 GB as before by shrinking the root partition to compensate for the growth of the other partitions ([scripts#3460](https://github.com/flatcar/scripts/pull/3460)) - Dropped Ciphers, MACs, and KexAlgorithms from the sshd configuration so that the OpenSSH upstream defaults are used. This introduces post-quantum key exchange algorithms for better security. ([Flatcar#1921](https://github.com/flatcar/Flatcar/issues/1921)). Users requiring legacy Ciphers, MACs, and/or KexAlgos can override / re-enable this by deploying a custom drop-in config to `/etc/ssh/sshd_config.d/`. - Enabled netkit module ([scripts#3524](https://github.com/flatcar/scripts/pull/3524)) - Function tracer (ftrace) enabled in ARM64 builds. (Enables CONFIG_FUNCTION_TRACER & CONFIG_DYNAMIC_FTRACE for observability and security tools) ([flatcar/scripts#3685](https://github.com/flatcar/scripts/pull/3685)) - Increased all partition sizes: `/boot` to 1 GB, the two `/usr` partitions to 2 GB, `/oem` to 1 GB so that we can use more space in a few years when we can assume that most nodes run the new partition layout - existing nodes can still update for the next years ([scripts#3027](https://github.com/flatcar/scripts/pull/3027)) - Reduced the kernel+initrd size on `/boot` by half. Flatcar now uses a minimal first stage initrd just to access the `/usr` partition and then switches to the full initrd that does the full system preparation as before. Since this means that the set of kernel modules available in the first initrd is reduced, please report any impact. - The way that files for building custom kernel modules are installed has changed from a Ubuntu-inspired method to the standard upstream kernel method. In the unlikely event that this breaks your module builds, please let the Flatcar team know immediately. - `/etc/shadow`, `/etc/gshadow` are now owned by the `shadow` group, `/usr/bin/unix_chkpwd`, `/usr/bin/chage` and `/usr/bin/expiry` are now also owned by the `shadow` group with a sticky bit enabled. (Continued in https://hackmd.io/JCO_Ck9XQTqWs-EdVEQQiw)