From 1e57e5e96cd770f01bf14151b6de51693caa188d Mon Sep 17 00:00:00 2001
From: Dmitry Lopatin <dmitry.lopatin@flant.com>
Date: Tue, 12 May 2026 22:50:40 +0300
Subject: [PATCH 1/2] chore(core): cve mitigation 11-05-2026

 - Fix CVE-2026-29181: OpenTelemetry-Go: multi-value baggage header extraction causes excessive
 allocations (remote dos amplification)
 - Fix CVE-2026-33811: When using LookupCNAME with the cgo DNS resolver, a very long CNAME...
 - Fix CVE-2026-33814: When processing HTTP/2 SETTINGS frames, transport will enter an infini ...
 - Fix CVE-2026-39820: Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...
 - Fix CVE-2026-39823: CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...
 - Fix CVE-2026-39825: ReverseProxy can forward queries containing parameters not visible to ...
 - Fix CVE-2026-39826: If a trusted template author were to write a <script> tag containing...
 - Fix CVE-2026-39836: Panic in Dial and LookupPort when handling NUL byte on Windows in...
 - Fix CVE-2026-41520: Cillium exposes sensitive information included in the cilium-bugtool debug
 archive
 - Fix CVE-2026-42499: Pathological inputs could cause DoS through consumePhrase when parsing ...

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
---
 api/client/examples/cancel-evacuation/go.mod |   2 +-
 api/client/examples/list-resources/go.mod    |   2 +-
 api/client/examples/resourceclaim/go.mod     |   2 +-
 api/go.mod                                   |   2 +-
 build/base-images/deckhouse_images.yml       | 112 ++++++++++---------
 build/components/versions.yml                |   2 +-
 images/dvcr-artifact/go.mod                  |   2 +-
 images/hooks/go.mod                          |   4 +-
 images/kube-api-rewriter/go.mod              |   2 +-
 images/pre-delete-hook/go.mod                |   2 +-
 images/virt-launcher/node-labeller/go.mod    |   2 +-
 images/virt-launcher/vlctl/go.mod            |   2 +-
 images/virtualization-artifact/go.mod        |   2 +-
 images/virtualization-dra/go.mod             |   4 +-
 images/virtualization-dra/go.sum             |  12 +-
 images/vm-route-forge/go.mod                 |  22 ++--
 images/vm-route-forge/go.sum                 |  52 +++++----
 src/cli/go.mod                               |   2 +-
 test/e2e/go.mod                              |   2 +-
 test/performance/tools/shatal/go.mod         |   2 +-
 20 files changed, 121 insertions(+), 113 deletions(-)

diff --git a/api/client/examples/cancel-evacuation/go.mod b/api/client/examples/cancel-evacuation/go.mod
index 8d6ee870d3..d81a377a52 100644
--- a/api/client/examples/cancel-evacuation/go.mod
+++ b/api/client/examples/cancel-evacuation/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/api/client/examples/cancel-evacuation
 
-go 1.25.9
+go 1.25.10
 
 require (
 	github.com/deckhouse/virtualization/api v1.6.1
diff --git a/api/client/examples/list-resources/go.mod b/api/client/examples/list-resources/go.mod
index 81d49cae4c..80f5873631 100644
--- a/api/client/examples/list-resources/go.mod
+++ b/api/client/examples/list-resources/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/api/client/examples/list-resources
 
-go 1.25.9
+go 1.25.10
 
 require (
 	github.com/deckhouse/virtualization/api v1.6.1
diff --git a/api/client/examples/resourceclaim/go.mod b/api/client/examples/resourceclaim/go.mod
index 27e31bf06a..19a85286ba 100644
--- a/api/client/examples/resourceclaim/go.mod
+++ b/api/client/examples/resourceclaim/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/api/client/examples/resourceclaim
 
-go 1.25.9
+go 1.25.10
 
 require (
 	github.com/deckhouse/virtualization/api v1.6.1
diff --git a/api/go.mod b/api/go.mod
index 65845c92ac..0835d6247c 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/api
 
-go 1.25.9
+go 1.25.10
 
 tool (
 	k8s.io/code-generator
diff --git a/build/base-images/deckhouse_images.yml b/build/base-images/deckhouse_images.yml
index c9fec607d5..bf358d32b9 100644
--- a/build/base-images/deckhouse_images.yml
+++ b/build/base-images/deckhouse_images.yml
@@ -1,21 +1,22 @@
-# version=v0.5.68
+# version=v0.5.77
 # REGISTRY_PATH is a special key which is concatenated with other base images
 REGISTRY_PATH: registry.deckhouse.io/base_images
 base/distroless: "sha256:9b74f52a191b90ceeba64b8c11dfd1ae054a82dbd360d4df6530637f60707bf7" # from: builder/scratch
 base/nginx-release-1.28.0: "sha256:305a6086dbeba19f9a7d3bb65636680112bb3538dde961edc52c6af8ee8891cd" # from: tools/nginx-release-1.28.0
 base/nginx: "sha256:305a6086dbeba19f9a7d3bb65636680112bb3538dde961edc52c6af8ee8891cd" # from: tools/nginx-release-1.28.0
-base/python: "sha256:459f2773c568d992759c6c4a6b54cd692e15dcca716f3ca20879973efbef2bbb" # from: builder/scratch
-base/python-v3.12.12: "sha256:459f2773c568d992759c6c4a6b54cd692e15dcca716f3ca20879973efbef2bbb" # from: builder/scratch
+base/python-3.12: "sha256:3fd1ee22f9b0c2a0d4a3c9c82d343e79bd7b0d2f2cb98a530c3b540e908e7d91" # from: builder/scratch
+base/python-3.14: "sha256:52710f0f06f7da8b3c7bd8f2feeec25d8a01470fa98a19d41046e85c9566f916" # from: builder/scratch
+base/python: "sha256:52710f0f06f7da8b3c7bd8f2feeec25d8a01470fa98a19d41046e85c9566f916" # from: builder/scratch
 base/redis-7.4.5: "sha256:8a9ed1dfaa235e34887388b8d28ec62c243bbf01eb83f5f84370fc98bcdc1911" # from: builder/scratch
 base/redis-7.4.7: "sha256:27a2b389e378c466012e9a75008e80fa9de125f092dbd7e48d8a962ed377834b" # from: builder/scratch
 base/redis: "sha256:27a2b389e378c466012e9a75008e80fa9de125f092dbd7e48d8a962ed377834b" # from: builder/scratch
-base/ruby-bundler: "sha256:8e2b58fbc7767edfddc1b9f0f3f26931518934e68e20d84d4de4d238bb2f8a77" # from: builder/alpine
-base/ruby-bundler-v3_4_9: "sha256:8e2b58fbc7767edfddc1b9f0f3f26931518934e68e20d84d4de4d238bb2f8a77" # from: builder/alpine
-base/ruby: "sha256:4e931fab3a0dbcc8d9880461ef2199b80c81b989b0a581df8062d700c7458f58" # from: base/distroless
-base/ruby-v3_4_9: "sha256:4e931fab3a0dbcc8d9880461ef2199b80c81b989b0a581df8062d700c7458f58" # from: base/distroless
+base/ruby-bundler: "sha256:ef68153bcf5517c72d78471f730c25bc6f58e47d62a759266f9f8a2401ea6f81" # from: builder/alpine
+base/ruby-bundler-v3_4_9: "sha256:ef68153bcf5517c72d78471f730c25bc6f58e47d62a759266f9f8a2401ea6f81" # from: builder/alpine
+base/ruby: "sha256:96c9c91e2c419bffb604975c0d7eab2a3361cda5e5a264a5908f59b296fe6b74" # from: base/distroless
+base/ruby-v3_4_9: "sha256:96c9c91e2c419bffb604975c0d7eab2a3361cda5e5a264a5908f59b296fe6b74" # from: base/distroless
 base/scratch: "sha256:cfac1c6b53f9365ee59ffe94c90211253f2a85ece372a6a9dfad61f4e0ab0bea" # from: builder/scratch
-base/shell-operator: "sha256:2112f086205eeffd0d70731340e33c002fd8ebc85c4964f4cb7912d930da435d" # from: builder/scratch
-base/shell-operator-v1.14.3: "sha256:2112f086205eeffd0d70731340e33c002fd8ebc85c4964f4cb7912d930da435d" # from: builder/scratch
+base/shell-operator: "sha256:c6426f0da056974794bc0da9a3e74c9ee1f7ced8296f3f2b345643ce11bfa8c3" # from: builder/scratch
+base/shell-operator-v1.16.4: "sha256:c6426f0da056974794bc0da9a3e74c9ee1f7ced8296f3f2b345643ce11bfa8c3" # from: builder/scratch
 builder/alpine-3.21: "sha256:924f440a8693883b9317f3fe5ab34431f711c08dcc9f61ac4ac4dd3cca4ff3f5" # from: alpine:3.21.5
 builder/alpine-3.22: "sha256:2ffd38fd342a64e79ed28cf52d71216bf119b28d96b9871184acfea672a7acc8" # from: alpine:3.22.2
 builder/alpine: "sha256:2ffd38fd342a64e79ed28cf52d71216bf119b28d96b9871184acfea672a7acc8" # from: alpine:3.22.2
@@ -31,31 +32,31 @@ builder/debian-svace: "sha256:efc4539ef4b04be27ff722d3182fc6b108fe9dec9904c3d066
 builder/debian-svace-trixie-slim: "sha256:efc4539ef4b04be27ff722d3182fc6b108fe9dec9904c3d066f38eba88ce52c8" # from: builder/debian-trixie-slim
 builder/debian-trixie-slim: "sha256:cb1a802f2b79d201ed2a530c99b9fa0188187783c7c396ec40b9f458ab44d426" # from: debian:trixie-slim
 builder/golang-alpine-1.24: "sha256:fc2b5185de5be4b0a37a43579ff080e4d061a83f4028056603b7f87e94c6ca7d" # from: builder/alpine
-builder/golang-alpine-1.25: "sha256:379017641b538725a5c0a5ac3228e09f54ca823b84407f19908e04760c84a3a9" # from: builder/alpine
-builder/golang-alpine: "sha256:379017641b538725a5c0a5ac3228e09f54ca823b84407f19908e04760c84a3a9" # from: builder/alpine
+builder/golang-alpine-1.25: "sha256:eb34dac119058c4971449f2926ea654067b1b6d87d9be1b1d24a5589dc79c5d2" # from: builder/alpine
+builder/golang-alpine: "sha256:eb34dac119058c4971449f2926ea654067b1b6d87d9be1b1d24a5589dc79c5d2" # from: builder/alpine
 builder/golang-alpine-svace-1.24: "sha256:4f456e3016bb66c97c4573e43336ad68a0bb1aedea731790aea80cc1332ef543" # from: builder/golang-alpine-1.24
-builder/golang-alpine-svace-1.25: "sha256:cd91fd78ad02651674a2aca9ecc3c09f94b49a656270167389b17b5c743e3f4e" # from: builder/golang-alpine-1.25
-builder/golang-alpine-svace: "sha256:cd91fd78ad02651674a2aca9ecc3c09f94b49a656270167389b17b5c743e3f4e" # from: builder/golang-alpine-1.25
+builder/golang-alpine-svace-1.25: "sha256:bf36bf6cc7552cc5ced5d63ad3beef33bf3ef268423ed8ddc6627deb547f86a2" # from: builder/golang-alpine-1.25
+builder/golang-alpine-svace: "sha256:bf36bf6cc7552cc5ced5d63ad3beef33bf3ef268423ed8ddc6627deb547f86a2" # from: builder/golang-alpine-1.25
 builder/golang-alt-1.24: "sha256:d94eb1b152ce5352557824ea0cf5c0b4d9bb29365d200d7248bfab751f588d3c" # from: builder/alt
-builder/golang-alt-1.25: "sha256:c2102dc56e98f3812f6b7ed10807f38f73e10b1b3a6e5dd2cd80f87b6448a146" # from: builder/alt
-builder/golang-alt: "sha256:c2102dc56e98f3812f6b7ed10807f38f73e10b1b3a6e5dd2cd80f87b6448a146" # from: builder/alt
+builder/golang-alt-1.25: "sha256:e25c039f93603bf487e4c7d0b23e1c384213c42e5011f893ff6fc03f496c795b" # from: builder/alt
+builder/golang-alt: "sha256:e25c039f93603bf487e4c7d0b23e1c384213c42e5011f893ff6fc03f496c795b" # from: builder/alt
 builder/golang-alt-svace-1.24: "sha256:5f2f6b8b34e1b150663fcc88562abff9a7fffc49c1efa5f33680942bc34bcf0a" # from: builder/golang-alt-1.24
-builder/golang-alt-svace-1.25: "sha256:a233be58d0c3f6ca19a21b8d844838ab928a8fc3c4f5aa7d94cebb151a0b908f" # from: builder/golang-alt-1.25
-builder/golang-alt-svace: "sha256:a233be58d0c3f6ca19a21b8d844838ab928a8fc3c4f5aa7d94cebb151a0b908f" # from: builder/golang-alt-1.25
+builder/golang-alt-svace-1.25: "sha256:6e1acaeae6f468fcd89e90d93853d2f26476007ce7f6f336e0f0910d82a29ebd" # from: builder/golang-alt-1.25
+builder/golang-alt-svace: "sha256:6e1acaeae6f468fcd89e90d93853d2f26476007ce7f6f336e0f0910d82a29ebd" # from: builder/golang-alt-1.25
 builder/golang-bookworm-1.24: "sha256:b0a75cc285d3c6319980e96d0b65afb8d293f83f303faebcd8720d117d9b440d" # from: golang:1.24.13-bookworm
-builder/golang-bookworm-1.25: "sha256:2fa0da12f239d1696f2f790ac8332ae4790f1b9db9d1e785778c4a64e2481544" # from: golang:1.25.9-bookworm
-builder/golang-bookworm: "sha256:2fa0da12f239d1696f2f790ac8332ae4790f1b9db9d1e785778c4a64e2481544" # from: golang:1.25.9-bookworm
+builder/golang-bookworm-1.25: "sha256:5f09a2c36ae78d40d8196ddab19797aae92c5ecce38749022d04625548d798b6" # from: golang:1.25.10-bookworm
+builder/golang-bookworm: "sha256:5f09a2c36ae78d40d8196ddab19797aae92c5ecce38749022d04625548d798b6" # from: golang:1.25.10-bookworm
 builder/golang-bookworm-svace-1.24: "sha256:dbf38fca4eb7a3d3dbed2e4314d9786e1258cb922ebb8aa419397d072433299a" # from: builder/golang-bookworm-1.24
-builder/golang-bookworm-svace-1.25: "sha256:7a06edaecbca8d409a49a33079d43c619bb193f877abedd59963aa3041494375" # from: builder/golang-bookworm-1.25
-builder/golang-bookworm-svace: "sha256:7a06edaecbca8d409a49a33079d43c619bb193f877abedd59963aa3041494375" # from: builder/golang-bookworm-1.25
+builder/golang-bookworm-svace-1.25: "sha256:ebe80577d8c8f214c4915a070be3e948c5e992591af7f3647ea26b2024a691a2" # from: builder/golang-bookworm-1.25
+builder/golang-bookworm-svace: "sha256:ebe80577d8c8f214c4915a070be3e948c5e992591af7f3647ea26b2024a691a2" # from: builder/golang-bookworm-1.25
 builder/golang-bullseye-1.24: "sha256:edb0672cf82cddf04047b2f9f0cfdff268a318762bdac70f2cfe75bc9b1395d7" # from: golang:1.24.6-bullseye
 builder/golang-bullseye: "sha256:edb0672cf82cddf04047b2f9f0cfdff268a318762bdac70f2cfe75bc9b1395d7" # from: golang:1.24.6-bullseye
 builder/golang-gost-alpine-1.24: "sha256:16bcc9b40b7a6dc665cb0951a50dba066d116ce49d0a882bdb95228bcd85495f" # from: golang:1.24.13-alpine3.22
-builder/golang-gost-alpine-1.25: "sha256:8d975385e3f560e5bf2b01098861e167d27a4cb00e55e6d43b491fc2f32ab0fa" # from: golang:1.25.9-alpine3.22
-builder/golang-gost-alpine: "sha256:8d975385e3f560e5bf2b01098861e167d27a4cb00e55e6d43b491fc2f32ab0fa" # from: golang:1.25.9-alpine3.22
+builder/golang-gost-alpine-1.25: "sha256:38c7ffb166d3783153bc00dd52a297e60926bc8c6c1c37978b8d5fdb12be04e8" # from: golang:1.25.10-alpine3.22
+builder/golang-gost-alpine: "sha256:38c7ffb166d3783153bc00dd52a297e60926bc8c6c1c37978b8d5fdb12be04e8" # from: golang:1.25.10-alpine3.22
 builder/golang-gost-bookworm-1.24: "sha256:c5f5c7b6080218d0a1d50ac63dee2eca2b4846969f935dceb17b5dd0588e537c" # from: golang:1.24.13-bookworm
-builder/golang-gost-bookworm-1.25: "sha256:6ffbe56b05964b074b09a266d8495d9f26cfd7abc9c7a90d1dd0ea0ddedbab0a" # from: golang:1.25.9-bookworm
-builder/golang-gost-bookworm: "sha256:6ffbe56b05964b074b09a266d8495d9f26cfd7abc9c7a90d1dd0ea0ddedbab0a" # from: golang:1.25.9-bookworm
+builder/golang-gost-bookworm-1.25: "sha256:4f06f6f7899af46908f7e46cb9c8bb4dd0f9cbc8bdc9e4cd00b28d5b9bdabb4e" # from: golang:1.25.10-bookworm
+builder/golang-gost-bookworm: "sha256:4f06f6f7899af46908f7e46cb9c8bb4dd0f9cbc8bdc9e4cd00b28d5b9bdabb4e" # from: golang:1.25.10-bookworm
 builder/golang-gost-bullseye-1.24: "sha256:f2c49b83f2da84d9410bef8ee882f44e53ec95d7fc2673d265749c217ddfb869" # from: golang:1.24.6-bullseye
 builder/golang-gost-bullseye: "sha256:f2c49b83f2da84d9410bef8ee882f44e53ec95d7fc2673d265749c217ddfb869" # from: golang:1.24.6-bullseye
 builder/node-alpine-22.16: "sha256:961b4daaac24616952620706e81d266ed41d973b8c134ecaaa05d274e035cd70" # from: node:22.16.0-alpine
@@ -78,8 +79,8 @@ libs/bzip2-bzip2-1.0.8: "sha256:f0fc0373743322145b5f52582490fa49c1d8c51dd0f70287
 libs/bzip2: "sha256:f0fc0373743322145b5f52582490fa49c1d8c51dd0f70287f0d2e294106ab263" # from: builder/scratch
 libs/c-ares: "sha256:5738a4a5029c38ca358b307356f90f33de9b778abca1592483809b1c4f32d8aa" # from: builder/scratch
 libs/c-ares-v1.34.5: "sha256:5738a4a5029c38ca358b307356f90f33de9b778abca1592483809b1c4f32d8aa" # from: builder/scratch
-libs/gdbm: "sha256:b079a09ee6753dac317b7e8ec97c3cb4e392a2641315babb53acf4bf7391a0e1" # from: builder/scratch
-libs/gdbm-v1.24: "sha256:b079a09ee6753dac317b7e8ec97c3cb4e392a2641315babb53acf4bf7391a0e1" # from: builder/scratch
+libs/gdbm: "sha256:a78f8c956c8baa8d6cd97a2b8ed13af9a2cf05a3271957bd0e6c24812726e031" # from: builder/scratch
+libs/gdbm-v1.24: "sha256:a78f8c956c8baa8d6cd97a2b8ed13af9a2cf05a3271957bd0e6c24812726e031" # from: builder/scratch
 libs/glibc: "sha256:c73a69aa3669683eaa86d41d7dc5155687d5ebba4d4ee8230f28aebf0cd0d6d5" # from: builder/scratch
 libs/glibc-v2.41: "sha256:c73a69aa3669683eaa86d41d7dc5155687d5ebba4d4ee8230f28aebf0cd0d6d5" # from: builder/scratch
 libs/gmp-6.3.0: "sha256:0acb0d524ea27309ded2a7cf0bccf648c23e8772edfcdbcb1b5028ec7e52e313" # from: builder/scratch
@@ -105,8 +106,8 @@ libs/libevent-release-2.2.1-alpha: "sha256:e2abf4f47f616a36ceb2f601f63297eb56f0f
 libs/libevent: "sha256:e2abf4f47f616a36ceb2f601f63297eb56f0f4b60ab024b464c4a968cc8ada50" # from: builder/scratch
 libs/libev: "sha256:58d32c60b7fb59d55c39e4cec4c5a5d41c22d14a2aaf5077e1d4ee6e549de336" # from: builder/scratch
 libs/libev-v4.33: "sha256:58d32c60b7fb59d55c39e4cec4c5a5d41c22d14a2aaf5077e1d4ee6e549de336" # from: builder/scratch
-libs/libffi: "sha256:61f6df57ba7c7d8e36b291f6f3d00a9ab9894cca46f28497e7f4a4ca5e1306db" # from: builder/scratch
-libs/libffi-v3.4.8: "sha256:61f6df57ba7c7d8e36b291f6f3d00a9ab9894cca46f28497e7f4a4ca5e1306db" # from: builder/scratch
+libs/libffi: "sha256:6f37598f040ac5fd7feeb8ffb09531ef671b06d42506ef31b13b72407c72a484" # from: builder/scratch
+libs/libffi-v3.4.8: "sha256:6f37598f040ac5fd7feeb8ffb09531ef671b06d42506ef31b13b72407c72a484" # from: builder/scratch
 libs/libfuse-3.18.1: "sha256:f687ff27d72565d7124e75b26a39b57fe428fcc5ccb43cc80d1ea9ccab998740" # from: builder/scratch
 libs/libfuse: "sha256:f687ff27d72565d7124e75b26a39b57fe428fcc5ccb43cc80d1ea9ccab998740" # from: builder/scratch
 libs/libgcrypt-libgcrypt-1.11.1: "sha256:dbf2ff5297ab254d56853e021a0258c02476e5bccde44622dabb54fdd6b261ab" # from: builder/scratch
@@ -194,10 +195,12 @@ libs/python-wheel: "sha256:094062e84a06571c0cefc9fe960f9a6d6e02d86a2a990aefc1a82
 libs/python-wheel-v0.1: "sha256:094062e84a06571c0cefc9fe960f9a6d6e02d86a2a990aefc1a82ac2975d0519" # from: builder/scratch
 libs/re2-2024-07-02: "sha256:1bef956f3244a8f5fe87816a4bfa3470b1d3e46b874cfe04bbc5133e5b6ecb0f" # from: builder/scratch
 libs/re2: "sha256:1bef956f3244a8f5fe87816a4bfa3470b1d3e46b874cfe04bbc5133e5b6ecb0f" # from: builder/scratch
-libs/readline-readline-8.2: "sha256:2ce60af1b63de3f2f1853f0356277803cd20ab3004b3eff0987d1b97b95d2438" # from: builder/scratch
-libs/readline: "sha256:2ce60af1b63de3f2f1853f0356277803cd20ab3004b3eff0987d1b97b95d2438" # from: builder/scratch
+libs/readline-readline-8.2: "sha256:87ffd91c0ecca3a2e0b385dbe5aa988a8a86771394caf3a27c193a6b530b89ce" # from: builder/scratch
+libs/readline: "sha256:87ffd91c0ecca3a2e0b385dbe5aa988a8a86771394caf3a27c193a6b530b89ce" # from: builder/scratch
 libs/skalibs: "sha256:8e212f565cdba51603b33b542d47b196222bc8910544846e2e655d38eb4b3721" # from: builder/scratch
 libs/skalibs-v2.14.3.0: "sha256:8e212f565cdba51603b33b542d47b196222bc8910544846e2e655d38eb4b3721" # from: builder/scratch
+libs/snappy-1.2.2: "sha256:f256ef7ffe2430cf0a084e4f55394c114278b10eba314e1c5e7cd0acb0d22b98" # from: builder/scratch
+libs/snappy: "sha256:f256ef7ffe2430cf0a084e4f55394c114278b10eba314e1c5e7cd0acb0d22b98" # from: builder/scratch
 libs/sqlite: "sha256:6b513c1ea6579e8b540ba16462f0880a0d40cb316fbd6e092e0fc115d6514b9e" # from: builder/scratch
 libs/sqlite-version-3.49.1: "sha256:6b513c1ea6579e8b540ba16462f0880a0d40cb316fbd6e092e0fc115d6514b9e" # from: builder/scratch
 libs/userspace-rcu: "sha256:c686739972451041f083132c56ae9e8a7c1866d42674b390120f6fe2df01b359" # from: builder/scratch
@@ -214,8 +217,8 @@ libs/zstd: "sha256:6bd8208ef57fdf9e0095f386f614e7377174d5ef7526e9b992dfc6fe5aa22
 libs/zstd-v1.5.7: "sha256:6bd8208ef57fdf9e0095f386f614e7377174d5ef7526e9b992dfc6fe5aa22b60" # from: builder/scratch
 tools/bash-completion-2.16.0: "sha256:9ad1615e0428a7074f2e8026189f9a8d04b8804a64f94314b160ed9767ce053c" # from: builder/scratch
 tools/bash-completion: "sha256:9ad1615e0428a7074f2e8026189f9a8d04b8804a64f94314b160ed9767ce053c" # from: builder/scratch
-tools/bash: "sha256:02b08330b1e73ce40568b84c1d128f640b0a71faffaa3703e56aa02bbb47608a" # from: builder/scratch
-tools/bash-v5.2.37: "sha256:02b08330b1e73ce40568b84c1d128f640b0a71faffaa3703e56aa02bbb47608a" # from: builder/scratch
+tools/bash: "sha256:7a715da2393f373b08c3c7e7b32339e3c34cd16c2a9016087ab2390a94053d07" # from: builder/scratch
+tools/bash-v5.2.37: "sha256:7a715da2393f373b08c3c7e7b32339e3c34cd16c2a9016087ab2390a94053d07" # from: builder/scratch
 tools/bazel-6.3.2: "sha256:57d78348dcb79c2af7481e8534f1cd4a47dd3d957ea2454603ca9ab6ebb8d215" # from: builder/scratch
 tools/bazel-6.5.0: "sha256:4d017416c603b3834a9a2542a6926ed3e622a626b8330de7e7d15672ea133bb0" # from: builder/scratch
 tools/bazel: "sha256:4d017416c603b3834a9a2542a6926ed3e622a626b8330de7e7d15672ea133bb0" # from: builder/scratch
@@ -223,8 +226,8 @@ tools/conntrack-tools-conntrack-tools-1.4.8: "sha256:c6151bf048e37b9a85ccdd03880
 tools/conntrack-tools: "sha256:c6151bf048e37b9a85ccdd038805d756e2b1295a0172bf3af462a48c4afdd857" # from: builder/scratch
 tools/coreutils: "sha256:974629f4702f1b483a65496ab17eaf1a195adbc0d2bdc6325d7aca63f2a24b4b" # from: builder/scratch
 tools/coreutils-v9.7: "sha256:974629f4702f1b483a65496ab17eaf1a195adbc0d2bdc6325d7aca63f2a24b4b" # from: builder/scratch
-tools/cosign: "sha256:3914d84658e055040a95a5e712d3a043b465504ab8c54eee88f13b5987408b35" # from: builder/scratch
-tools/cosign-v2.4.3: "sha256:3914d84658e055040a95a5e712d3a043b465504ab8c54eee88f13b5987408b35" # from: builder/scratch
+tools/cosign: "sha256:c2d1e5a120965284e1f048f4566d10346fb4202f4b40f767d3a62860ba81a9b6" # from: builder/scratch
+tools/cosign-v2.6.3: "sha256:c2d1e5a120965284e1f048f4566d10346fb4202f4b40f767d3a62860ba81a9b6" # from: builder/scratch
 tools/cryptsetup: "sha256:6a446532c85a631cf078a9879622d334c2e4f6480e40d5a2a931274c59ecbc06" # from: builder/scratch
 tools/cryptsetup-v2.7.5: "sha256:6a446532c85a631cf078a9879622d334c2e4f6480e40d5a2a931274c59ecbc06" # from: builder/scratch
 tools/curl-curl-8_18_0: "sha256:8f31f5dd039e250355a3192882a230e76c85139d25bd138d8aa35622882353d0" # from: builder/scratch
@@ -252,8 +255,8 @@ tools/gcc: "sha256:c51f177ee84227ed9d767ae9e808792f732d7431aca1e486ba3deca5ec0c2
 tools/git: "sha256:639c27908e5f11c2ed09052ef3f2eb722b79fdd578e092b1415ef9f38b398f2c" # from: builder/scratch
 tools/git-v2.50.1: "sha256:639c27908e5f11c2ed09052ef3f2eb722b79fdd578e092b1415ef9f38b398f2c" # from: builder/scratch
 tools/golang-1.24.13: "sha256:8433c4d59e23cdb2e10b1910c5fb3b6a92c3b012f8bc84c8314e0001a8a4add2" # from: builder/scratch
-tools/golang-1.25.9: "sha256:d7575eb1bcec5a2f8688c646c54aeceda02f8d8272c4d521d1b1de7abe7e50c3" # from: builder/scratch
-tools/golang: "sha256:d7575eb1bcec5a2f8688c646c54aeceda02f8d8272c4d521d1b1de7abe7e50c3" # from: builder/scratch
+tools/golang-1.25.10: "sha256:d3dbef8bae3d86fc89d1f9952b781647917e35102f68c0e34827c97273ee9a1d" # from: builder/scratch
+tools/golang: "sha256:d3dbef8bae3d86fc89d1f9952b781647917e35102f68c0e34827c97273ee9a1d" # from: builder/scratch
 tools/grep-grep-3.11: "sha256:c83c35bd1321103162d6e12030f6b49e9220eae00870eee2cea32e60b2eb1949" # from: builder/scratch
 tools/grep: "sha256:c83c35bd1321103162d6e12030f6b49e9220eae00870eee2cea32e60b2eb1949" # from: builder/scratch
 tools/iproute2: "sha256:1802839b7eb6c80b2e0c8c6527d1030ca5b77eb974b9e2e7f7dd81f4b35e59b9" # from: builder/scratch
@@ -264,8 +267,8 @@ tools/iptables: "sha256:7bba522179a4fb511ae2d905f7ba9c1741d67052d0c8fd5037ab58b9
 tools/iptables-v1.8.9: "sha256:7bba522179a4fb511ae2d905f7ba9c1741d67052d0c8fd5037ab58b93f3f8a88" # from: builder/scratch
 tools/iputils-20250605: "sha256:95babdf3ec18fc51a7970df78131ce8b0d267153e057350610a69e5015f66943" # from: builder/scratch
 tools/iputils: "sha256:95babdf3ec18fc51a7970df78131ce8b0d267153e057350610a69e5015f66943" # from: builder/scratch
-tools/iscsi-command-0.0.5: "sha256:6af8d39279a36ef8e577d172e63b68ec3d2ebed34addad115103f3025424994f" # from: builder/scratch
-tools/iscsi-command: "sha256:6af8d39279a36ef8e577d172e63b68ec3d2ebed34addad115103f3025424994f" # from: builder/scratch
+tools/iscsi-command-0.0.5: "sha256:726c2c8cfe94bcad91c56cb4955ef53eed8ebc5c1ff16b7e26ea2a686ac1d17a" # from: builder/scratch
+tools/iscsi-command: "sha256:726c2c8cfe94bcad91c56cb4955ef53eed8ebc5c1ff16b7e26ea2a686ac1d17a" # from: builder/scratch
 tools/jq-1.7.1: "sha256:7218b86b49a12d03911cc745cfcc7720e6b2803a97db2b7a30c3d70753c6ad77" # from: builder/scratch
 tools/jq: "sha256:7218b86b49a12d03911cc745cfcc7720e6b2803a97db2b7a30c3d70753c6ad77" # from: builder/scratch
 tools/kmod: "sha256:b7056c3071d9adf63035fc689f16e5ef14d7920959d4839653605c99fe96606e" # from: builder/scratch
@@ -278,8 +281,8 @@ tools/libcap: "sha256:95cddf1738d5a4ee9291fffb91e909dcfd32370b11aa5297bcbfcc9418
 tools/libcap-v1.2.76: "sha256:95cddf1738d5a4ee9291fffb91e909dcfd32370b11aa5297bcbfcc94184aa6ec" # from: builder/scratch
 tools/lsscsi: "sha256:ba8301b91d07c277ff350cad160215a3903f36650b5c09980b4c379fbcd79cc1" # from: builder/scratch
 tools/lsscsi-v0.28: "sha256:ba8301b91d07c277ff350cad160215a3903f36650b5c09980b4c379fbcd79cc1" # from: builder/scratch
-tools/lua5-1: "sha256:1792ffe9782a946a79a293487e9b58c112b8688e84fab340e115740c7ea0e3ff" # from: builder/scratch
-tools/lua5-1-v5.1.5: "sha256:1792ffe9782a946a79a293487e9b58c112b8688e84fab340e115740c7ea0e3ff" # from: builder/scratch
+tools/lua5-1: "sha256:6f24a5c1ffeacfe30594d34622860943f33146dbc2363412de776b8161e2f9e1" # from: builder/scratch
+tools/lua5-1-v5.1.5: "sha256:6f24a5c1ffeacfe30594d34622860943f33146dbc2363412de776b8161e2f9e1" # from: builder/scratch
 tools/luarocks5-1: "sha256:632b8a92ecb2da645b8771f205b4c341d39cae6f684e0ee603262e8b33ae000d" # from: builder/scratch
 tools/luarocks5-1-v3.12.2: "sha256:632b8a92ecb2da645b8771f205b4c341d39cae6f684e0ee603262e8b33ae000d" # from: builder/scratch
 tools/lvm2: "sha256:d8e0f806cc340426a3d9c2e3c5a8368869d564516f9604522666b4beee1f6686" # from: builder/scratch
@@ -288,16 +291,17 @@ tools/memcached-1.6.39: "sha256:60d587804a50892c5f0c61a64fbb2c28f1b01d99a4aa47e2
 tools/memcached: "sha256:60d587804a50892c5f0c61a64fbb2c28f1b01d99a4aa47e2dd92996f8de166a2" # from: builder/scratch
 tools/multipath-tools-0.13.0: "sha256:860adeacd5181a7a4b50297b67fa001f3542325fad791f47b1bba6b40e0a3aa7" # from: builder/scratch
 tools/multipath-tools: "sha256:860adeacd5181a7a4b50297b67fa001f3542325fad791f47b1bba6b40e0a3aa7" # from: builder/scratch
-tools/nfs-utils-nfs-utils-2-8-2: "sha256:ec1a8d8447c8e81cfa5f59820ff7d1c2eeb02e3812171cddd83eb50167c3d960" # from: builder/scratch
-tools/nfs-utils: "sha256:ec1a8d8447c8e81cfa5f59820ff7d1c2eeb02e3812171cddd83eb50167c3d960" # from: builder/scratch
+tools/nfs-utils-nfs-utils-2-8-2: "sha256:f4c0a02bd721e906059d5e2aecaee664537d65bf1f545d3c9e12f4057e456cd1" # from: builder/scratch
+tools/nfs-utils: "sha256:f4c0a02bd721e906059d5e2aecaee664537d65bf1f545d3c9e12f4057e456cd1" # from: builder/scratch
 tools/nginx-njs-release-1.28.0: "sha256:d60179dc0b1ec40c7a90589756dae29c99831bc6a8a890a0684f47b9ea475ffe" # from: builder/scratch
 tools/nginx-njs: "sha256:d60179dc0b1ec40c7a90589756dae29c99831bc6a8a890a0684f47b9ea475ffe" # from: builder/scratch
 tools/nginx-release-1.28.0: "sha256:601e5a92b84e08b958a65b901c02b2321d5c31b220466e802af6cc2e347a6afb" # from: builder/scratch
 tools/nginx: "sha256:601e5a92b84e08b958a65b901c02b2321d5c31b220466e802af6cc2e347a6afb" # from: builder/scratch
 tools/nvme-cli: "sha256:5a0a627687e4dd997a66897f9df3482adea9f117ca23c41b5520f724fad2b125" # from: builder/scratch
 tools/nvme-cli-v2.16: "sha256:5a0a627687e4dd997a66897f9df3482adea9f117ca23c41b5520f724fad2b125" # from: builder/scratch
-tools/open-iscsi-2.1.11: "sha256:7cf4967824a6ae74bba69532a69aa5329fae55aef287bcb5b3dfa317cfe16def" # from: builder/scratch
-tools/open-iscsi: "sha256:7cf4967824a6ae74bba69532a69aa5329fae55aef287bcb5b3dfa317cfe16def" # from: builder/scratch
+tools/open-iscsi-2.0.878: "sha256:b3b05c1c6ea14c453e9d0e77273fa5eca78be368d8142813a152711d5f16eaff" # from: builder/scratch
+tools/open-iscsi-2.1.11: "sha256:ec196daaaaa700a0dc282fdd878189e8e0daf8bd9eb63a2bebe968dfe7a13187" # from: builder/scratch
+tools/open-iscsi: "sha256:ec196daaaaa700a0dc282fdd878189e8e0daf8bd9eb63a2bebe968dfe7a13187" # from: builder/scratch
 tools/openssl-3.6.0: "sha256:27a6f59849d06b81c07936b15518549592782ce62aa23926f14507de57ae8905" # from: builder/scratch
 tools/openssl: "sha256:27a6f59849d06b81c07936b15518549592782ce62aa23926f14507de57ae8905" # from: builder/scratch
 tools/procps: "sha256:4d01d9f751c707f07d74ab0c7db1102a059abb4e5f3bde9bfe4a2666608dc4f7" # from: builder/scratch
@@ -305,10 +309,10 @@ tools/procps-v4.0.5: "sha256:4d01d9f751c707f07d74ab0c7db1102a059abb4e5f3bde9bfe4
 tools/protoc-22.3: "sha256:450466d7e90d7dd65e60c41208a8793a5d175f8d4254dd989e31d559e253c809" # from: builder/scratch
 tools/protoc-30.2: "sha256:83085d63402f03b742699e3664ac3a8ed6816488ec1309d4505585770bb09ebf" # from: builder/scratch
 tools/protoc: "sha256:83085d63402f03b742699e3664ac3a8ed6816488ec1309d4505585770bb09ebf" # from: builder/scratch
-tools/pwru: "sha256:cd27531d4150b0933cdff9e70ea707d00c0cd4124f804b8bfed5a384df6fdde4" # from: builder/scratch
-tools/pwru-v1.0.11: "sha256:cd27531d4150b0933cdff9e70ea707d00c0cd4124f804b8bfed5a384df6fdde4" # from: builder/scratch
-tools/rclone-1.73.1: "sha256:2171c2c96fe9e3adf168a188f1605bfc340164fc15a3fc53d9cfaa3cac7163cf" # from: builder/scratch
-tools/rclone: "sha256:2171c2c96fe9e3adf168a188f1605bfc340164fc15a3fc53d9cfaa3cac7163cf" # from: builder/scratch
+tools/pwru: "sha256:c039f92c9cb0413531630432d652cba5aa1649acd0c50f2c1efeaffdb053634b" # from: builder/scratch
+tools/pwru-v1.0.11: "sha256:c039f92c9cb0413531630432d652cba5aa1649acd0c50f2c1efeaffdb053634b" # from: builder/scratch
+tools/rclone-1.74.1: "sha256:837843936eb9f430e48cf349e57dc44aac77ce37c6a7c933d1c481e67194f52e" # from: builder/scratch
+tools/rclone: "sha256:837843936eb9f430e48cf349e57dc44aac77ce37c6a7c933d1c481e67194f52e" # from: builder/scratch
 tools/rpcbind-rpcbind-1_2_8: "sha256:6a0b585505b38a0f2251c4e229d69fe94b021820948c83c8bd24dfb873f68ed7" # from: builder/scratch
 tools/rpcbind: "sha256:6a0b585505b38a0f2251c4e229d69fe94b021820948c83c8bd24dfb873f68ed7" # from: builder/scratch
 tools/s3fs-fuse-1.97: "sha256:1f3d0d991a1dbe94d8fe6a4a392d063c0857668677cd507a77f43d1425fcf7c3" # from: builder/scratch
@@ -317,8 +321,8 @@ tools/sed: "sha256:03139bab0878f523e1d8256faea9d63f31325efa65f4330de19a91cc18032
 tools/sed-v4.9: "sha256:03139bab0878f523e1d8256faea9d63f31325efa65f4330de19a91cc18032b8c" # from: builder/scratch
 tools/semver-3.4.0: "sha256:1820728a5bc6d57ec962b075461a679034d965ad7521a11fcf73dec29d85e739" # from: builder/scratch
 tools/semver: "sha256:1820728a5bc6d57ec962b075461a679034d965ad7521a11fcf73dec29d85e739" # from: builder/scratch
-tools/shell-operator: "sha256:43c0c7f1ed239fd177228994a42655738d7896808c923aebb40eb42e1f3fa16e" # from: builder/scratch
-tools/shell-operator-v1.14.3: "sha256:43c0c7f1ed239fd177228994a42655738d7896808c923aebb40eb42e1f3fa16e" # from: builder/scratch
+tools/shell-operator: "sha256:cfe0c3ac885b7b2c3d8abbbe953c358f7d7b7b0151c717ad7fe9765b18f86bb3" # from: builder/scratch
+tools/shell-operator-v1.16.4: "sha256:cfe0c3ac885b7b2c3d8abbbe953c358f7d7b7b0151c717ad7fe9765b18f86bb3" # from: builder/scratch
 tools/ssh: "sha256:25fbf77913f932f27973049480826b8dc30de17d2bbbf11ba6ac154f1735e0ae" # from: builder/scratch
 tools/ssh-V_10_0_P2: "sha256:25fbf77913f932f27973049480826b8dc30de17d2bbbf11ba6ac154f1735e0ae" # from: builder/scratch
 tools/tar: "sha256:89060034cd11076104af31fa9d613100149227c64890d10ad683fd3e475ce5c2" # from: builder/scratch
@@ -333,6 +337,6 @@ tools/vim: "sha256:a7a8fd17135befeaf2565c18fc888a504e5076803649fba776f5c6b8b2438
 tools/vim-v9.1.1236: "sha256:a7a8fd17135befeaf2565c18fc888a504e5076803649fba776f5c6b8b24382f7" # from: builder/scratch
 tools/xfsprogs: "sha256:30170f2cf5a9f9b34cc1abf028a2f6bfa3572ed95f78110f5c2f0f4f9281d028" # from: builder/scratch
 tools/xfsprogs-v6.16.0: "sha256:30170f2cf5a9f9b34cc1abf028a2f6bfa3572ed95f78110f5c2f0f4f9281d028" # from: builder/scratch
-tools/yq: "sha256:cbdabf06879bd87c4ec619b1be3a593d73ed321b44a70b535604325c517e4bd7" # from: builder/scratch
-tools/yq-v4.45.1: "sha256:2f91cda243862c5faffd80ffec4241eded21f2071017858d5ee023b0d2739e32" # from: builder/scratch
-tools/yq-v4.47.1: "sha256:cbdabf06879bd87c4ec619b1be3a593d73ed321b44a70b535604325c517e4bd7" # from: builder/scratch
+tools/yq: "sha256:49d909fce43bf14543e030bb65f1f1c8a6ebe2067e12628de4f541f9f7275a5a" # from: builder/scratch
+tools/yq-v4.45.1: "sha256:93c062315cf7bc20f3dd973b8fb8adf9705a31f3ad7611a5d6a1a24593c867e2" # from: builder/scratch
+tools/yq-v4.47.1: "sha256:49d909fce43bf14543e030bb65f1f1c8a6ebe2067e12628de4f541f9f7275a5a" # from: builder/scratch
diff --git a/build/components/versions.yml b/build/components/versions.yml
index 1934395904..c7ab8ea643 100644
--- a/build/components/versions.yml
+++ b/build/components/versions.yml
@@ -4,7 +4,7 @@ firmware:
   edk2: stable202411
 core:
   3p-kubevirt: v1.6.2-v12n.30
-  3p-containerized-data-importer: v1.60.3-v12n.18
+  3p-containerized-data-importer: chore/core/cve-mitigation-11052026
   distribution: 2.8.3
 package:
   acl: v2.3.1
diff --git a/images/dvcr-artifact/go.mod b/images/dvcr-artifact/go.mod
index 38ccd756cb..fff5efccdb 100644
--- a/images/dvcr-artifact/go.mod
+++ b/images/dvcr-artifact/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization-controller/dvcr-importers
 
-go 1.25.9
+go 1.25.10
 
 require (
 	github.com/containers/image/v5 v5.32.0
diff --git a/images/hooks/go.mod b/images/hooks/go.mod
index 2f4dab41f8..4b4760ed73 100644
--- a/images/hooks/go.mod
+++ b/images/hooks/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/hooks
 
-go 1.25.9
+go 1.25.10
 
 tool github.com/onsi/ginkgo/v2/ginkgo
 
@@ -17,6 +17,7 @@ require (
 	k8s.io/apimachinery v0.34.2
 	k8s.io/client-go v0.34.2
 	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
+	sigs.k8s.io/controller-runtime v0.21.0
 )
 
 require (
@@ -109,7 +110,6 @@ require (
 	kubevirt.io/api v1.6.2 // indirect
 	kubevirt.io/containerized-data-importer-api v1.63.1 // indirect
 	kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 // indirect
-	sigs.k8s.io/controller-runtime v0.21.0 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
diff --git a/images/kube-api-rewriter/go.mod b/images/kube-api-rewriter/go.mod
index 8eccd5524c..823e4da3b2 100644
--- a/images/kube-api-rewriter/go.mod
+++ b/images/kube-api-rewriter/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/kube-api-rewriter
 
-go 1.25.9
+go 1.25.10
 
 require (
 	github.com/deckhouse/kube-api-rewriter v0.2.0
diff --git a/images/pre-delete-hook/go.mod b/images/pre-delete-hook/go.mod
index f3777efc65..ceb0a21ad6 100644
--- a/images/pre-delete-hook/go.mod
+++ b/images/pre-delete-hook/go.mod
@@ -1,6 +1,6 @@
 module pre-delete-hook
 
-go 1.25.9
+go 1.25.10
 
 require (
 	github.com/ilyakaznacheev/cleanenv v1.5.0
diff --git a/images/virt-launcher/node-labeller/go.mod b/images/virt-launcher/node-labeller/go.mod
index 3b32fa6f83..8c85e1245c 100644
--- a/images/virt-launcher/node-labeller/go.mod
+++ b/images/virt-launcher/node-labeller/go.mod
@@ -1,6 +1,6 @@
 module node-labeller
 
-go 1.25.9
+go 1.25.10
 
 require (
 	golang.org/x/sys v0.25.0
diff --git a/images/virt-launcher/vlctl/go.mod b/images/virt-launcher/vlctl/go.mod
index c6e75ad507..7770ccd79e 100644
--- a/images/virt-launcher/vlctl/go.mod
+++ b/images/virt-launcher/vlctl/go.mod
@@ -1,6 +1,6 @@
 module vlctl
 
-go 1.25.9
+go 1.25.10
 
 require (
 	github.com/spf13/cobra v1.9.1
diff --git a/images/virtualization-artifact/go.mod b/images/virtualization-artifact/go.mod
index 32e1b85473..9c427caacc 100644
--- a/images/virtualization-artifact/go.mod
+++ b/images/virtualization-artifact/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization-controller
 
-go 1.25.9
+go 1.25.10
 
 tool (
 	github.com/matryer/moq
diff --git a/images/virtualization-dra/go.mod b/images/virtualization-dra/go.mod
index 2afe3de559..75bbfd52c7 100644
--- a/images/virtualization-dra/go.mod
+++ b/images/virtualization-dra/go.mod
@@ -70,9 +70,9 @@ require (
 	github.com/tetratelabs/wazero v1.9.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.etcd.io/etcd/client/pkg/v3 v3.6.4 // indirect
-	go.opentelemetry.io/otel v1.40.0 // indirect
+	go.opentelemetry.io/otel v1.41.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect
-	go.opentelemetry.io/otel/trace v1.40.0 // indirect
+	go.opentelemetry.io/otel/trace v1.41.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
diff --git a/images/virtualization-dra/go.sum b/images/virtualization-dra/go.sum
index 5c98b67ff7..8922c98245 100644
--- a/images/virtualization-dra/go.sum
+++ b/images/virtualization-dra/go.sum
@@ -156,16 +156,16 @@ go.etcd.io/etcd/client/pkg/v3 v3.6.4 h1:9HBYrjppeOfFjBjaMTRxT3R7xT0GLK8EJMVC4xg6
 go.etcd.io/etcd/client/pkg/v3 v3.6.4/go.mod h1:sbdzr2cl3HzVmxNw//PH7aLGVtY4QySjQFuaCgcRFAI=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
-go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
-go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
-go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
-go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
+go.opentelemetry.io/otel v1.41.0 h1:YlEwVsGAlCvczDILpUXpIpPSL/VPugt7zHThEMLce1c=
+go.opentelemetry.io/otel v1.41.0/go.mod h1:Yt4UwgEKeT05QbLwbyHXEwhnjxNO6D8L5PQP51/46dE=
+go.opentelemetry.io/otel/metric v1.41.0 h1:rFnDcs4gRzBcsO9tS8LCpgR0dxg4aaxWlJxCno7JlTQ=
+go.opentelemetry.io/otel/metric v1.41.0/go.mod h1:xPvCwd9pU0VN8tPZYzDZV/BMj9CM9vs00GuBjeKhJps=
 go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
 go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
 go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
 go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
-go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
-go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
+go.opentelemetry.io/otel/trace v1.41.0 h1:Vbk2co6bhj8L59ZJ6/xFTskY+tGAbOnCtQGVVa9TIN0=
+go.opentelemetry.io/otel/trace v1.41.0/go.mod h1:U1NU4ULCoxeDKc09yCWdWe+3QoyweJcISEVa1RBzOis=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
diff --git a/images/vm-route-forge/go.mod b/images/vm-route-forge/go.mod
index 0c5e7a2f6b..57d71d5019 100644
--- a/images/vm-route-forge/go.mod
+++ b/images/vm-route-forge/go.mod
@@ -1,11 +1,11 @@
 module vm-route-forge
 
-go 1.25.9
+go 1.25.10
 
 tool github.com/cilium/ebpf/cmd/bpf2go
 
 require (
-	github.com/cilium/cilium v1.17.14
+	github.com/cilium/cilium v1.17.15
 	github.com/cilium/ebpf v0.17.1
 	github.com/deckhouse/virtualization/api v0.0.0-00010101000000-000000000000
 	github.com/go-logr/logr v1.4.3
@@ -74,7 +74,7 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.22.0 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
@@ -100,15 +100,15 @@ require (
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
 	golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.30.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.12.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
@@ -117,7 +117,7 @@ require (
 	k8s.io/apiextensions-apiserver v0.34.2 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
-	k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 // indirect
+	k8s.io/utils v0.0.0-20260319190234-28399d86e0b5 // indirect
 	kubevirt.io/api v1.6.2 // indirect
 	kubevirt.io/containerized-data-importer-api v1.60.3-0.20241105012228-50fbed985de9 // indirect
 	kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 // indirect
diff --git a/images/vm-route-forge/go.sum b/images/vm-route-forge/go.sum
index 61ffd7100f..b2a6829bc8 100644
--- a/images/vm-route-forge/go.sum
+++ b/images/vm-route-forge/go.sum
@@ -1,5 +1,5 @@
-cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY=
-cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw=
+cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4=
+cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
@@ -21,8 +21,8 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/cilium v1.17.14 h1:Kpg8Ul6Bo6e6m8J4hXsmXwibDJOk0nsP+95BiT5iUUI=
-github.com/cilium/cilium v1.17.14/go.mod h1:tXBsNjYmMtf7EiXzN1sJeQPkFdWLoPptrXU8h7E+BzU=
+github.com/cilium/cilium v1.17.15 h1:Sf+MRwLolUQu8M6huRHSCGMUXXHTvHp1Sj21pAEMnME=
+github.com/cilium/cilium v1.17.15/go.mod h1:p8SuQDXS21LtmvKo1rwhXDLog+eWm5dubi0W2wNru/w=
 github.com/cilium/ebpf v0.17.1 h1:G8mzU81R2JA1nE5/8SRubzqvBMmAmri2VL8BIZPWvV0=
 github.com/cilium/ebpf v0.17.1/go.mod h1:vay2FaYSmIlv3r8dNACd4mW/OCaZLJKJOo+IHBvCIO8=
 github.com/cilium/hive v0.0.0-20250522145610-0734675df148 h1:0zljF9fNEJ36/OyifWahfcizUcs+X9OMSvEv58+wo5g=
@@ -34,8 +34,8 @@ github.com/cilium/statedb v0.4.5/go.mod h1:DlxX9OQi/nM8oumUuz8VjxXUtVRiEfbfo8Ri1
 github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744 h1:f+CgYUy2YyZ2EX31QSqf3vwFiJJQSAMIQLn4d3QQYno=
 github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744/go.mod h1:/e83AwqvNKpyg4n3C41qmnmj1x2G9DwzI+jb7GkF4lI=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 h1:aQ3y1lwWyqYPiWZThqv1aFbZMiM9vblcSArJRf2Irls=
-github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
+github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w=
+github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -51,11 +51,11 @@ github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf
 github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473 h1:4cmBvAEBNJaGARUEs3/suWRyfyBfhf7I60WBZq+bv2w=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane/envoy v1.32.4 h1:jb83lalDRZSpPWW2Z7Mck/8kXZ5CQAFYVjQcdVIr83A=
-github.com/envoyproxy/go-control-plane/envoy v1.32.4/go.mod h1:Gzjc5k8JcJswLjAx1Zm+wSYE20UrLtt7JZMWiWQXQEw=
+github.com/envoyproxy/go-control-plane/envoy v1.36.0 h1:yg/JjO5E7ubRyKX3m07GF3reDNEnfOboJ0QySbH736g=
+github.com/envoyproxy/go-control-plane/envoy v1.36.0/go.mod h1:ty89S1YCCVruQAm9OtKeEkQLTb+Lkz0k8v9W0Oxsv98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v1.2.1 h1:DEo3O99U8j4hBFwbJfrz9VtgcDfUKS7KJ7spH3d86P8=
-github.com/envoyproxy/protoc-gen-validate v1.2.1/go.mod h1:d/C80l/jxXLdfEIhX1W2TmLfsJ31lvEjwamM4DxlWXU=
+github.com/envoyproxy/protoc-gen-validate v1.3.0 h1:TvGH1wof4H33rezVKWSpqKz5NXWg5VPuZ0uONDT6eb4=
+github.com/envoyproxy/protoc-gen-validate v1.3.0/go.mod h1:HvYl7zwPa5mffgyeTUHA9zHIH36nmrm7oCbo4YKoSWA=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
 github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -261,8 +261,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH
 github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
 github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
-github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
 github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
 github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
@@ -388,8 +388,9 @@ golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
 golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -428,16 +429,18 @@ golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488/go.mod h1:fGb/2+tgXXjh
 golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053/go.mod h1:+nZKN+XVh4LCiA9DV3ywrzN4gumyCnKjau3NGb9SGoE=
 golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE=
 golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
 golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
 golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
 golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -460,8 +463,9 @@ golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg
 golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
 golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -475,10 +479,10 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
-google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237 h1:Kog3KlB4xevJlAcbbbzPfRG0+X9fdoGM+UBRKVz6Wr0=
-google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237/go.mod h1:ezi0AVyMKDWy5xAncvjLWH7UcLBB5n7y2fQ8MzjJcto=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237 h1:cJfm9zPbe1e873mHJzmQ1nwVEeRDU/T1wXDK2kUSU34=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
@@ -494,8 +498,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
-google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -548,8 +552,8 @@ k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOP
 k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU=
-k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk=
+k8s.io/utils v0.0.0-20260319190234-28399d86e0b5 h1:kBawHLSnx/mYHmRnNUf9d4CpjREbeZuxoSGOX/J+aYM=
+k8s.io/utils v0.0.0-20260319190234-28399d86e0b5/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk=
 kubevirt.io/api v1.6.2 h1:aoqZ4KsbOyDjLnuDw7H9wEgE/YTd/q5BBmYeQjJNizc=
 kubevirt.io/api v1.6.2/go.mod h1:p66fEy/g79x7VpgUwrkUgOoG2lYs5LQq37WM6JXMwj4=
 kubevirt.io/containerized-data-importer-api v1.60.3-0.20241105012228-50fbed985de9 h1:KTb8wO1Lxj220DX7d2Rdo9xovvlyWWNo3AVm2ua+1nY=
diff --git a/src/cli/go.mod b/src/cli/go.mod
index 96ad87b02f..2acbd5b0d5 100644
--- a/src/cli/go.mod
+++ b/src/cli/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/src/cli
 
-go 1.25.9
+go 1.25.10
 
 require (
 	github.com/deckhouse/virtualization/api v0.15.0
diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index 4a8aacad42..b8b9b1c6a4 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/test/e2e
 
-go 1.25.9
+go 1.25.10
 
 tool github.com/onsi/ginkgo/v2/ginkgo
 
diff --git a/test/performance/tools/shatal/go.mod b/test/performance/tools/shatal/go.mod
index e5be7c6b12..fd384b18a9 100644
--- a/test/performance/tools/shatal/go.mod
+++ b/test/performance/tools/shatal/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/shatal
 
-go 1.25.9
+go 1.25.10
 
 require (
 	github.com/deckhouse/virtualization/api v1.0.0

From 68a45bbe8d6cf91c8ec16cbb74770d6582644c73 Mon Sep 17 00:00:00 2001
From: Dmitry Lopatin <dmitry.lopatin@flant.com>
Date: Wed, 13 May 2026 15:23:14 +0300
Subject: [PATCH 2/2] wip

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
---
 build/components/versions.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/components/versions.yml b/build/components/versions.yml
index c7ab8ea643..0f8905a167 100644
--- a/build/components/versions.yml
+++ b/build/components/versions.yml
@@ -4,7 +4,7 @@ firmware:
   edk2: stable202411
 core:
   3p-kubevirt: v1.6.2-v12n.30
-  3p-containerized-data-importer: chore/core/cve-mitigation-11052026
+  3p-containerized-data-importer: v1.60.3-v12n.19
   distribution: 2.8.3
 package:
   acl: v2.3.1