SKS Node Templates update for Copy Fail and Dirty Frag
May 8, 2026
SKSSecurity
We re-released the SKS Node Operating System images to include mitigations for the recently disclosed Copy Fail and Dirty Frag security vulnerabilities.
The updated images include mitigations for:
- Copy Fail (CVE-2026-31431)
- Dirty Frag (CVE-2026-43284, CVE-2026-43500)
To ensure your SKS clusters are no longer impacted, worker nodes managed by both SKS NodePools and SKS Karpenter must:
- Run Kubernetes 1.33.11, 1.34.7, 1.35.4 or 1.36.0
- Have been deployed after May 8, 2026 at 15:55 CEST
Clusters meeting these requirements no longer need the temporary workarounds communicated in the previous security advisory sent on May 1st, 2026.
Existing clusters running older nodes should be upgraded and nodes should be cycled to apply the updated images.
Upgrade your SKS clusters and cycle worker nodes to ensure the updated mitigations are applied.
