CVE-2026-43499 (GhostLock): Cozystack Exposure Assessment
CVE-2026-43499 (GhostLock) is a Linux kernel local privilege escalation. Cozystack is not exposed by design, and the fix is the same Talos v1.13.6 kernel upgrade.
CVE-2026-43499 (GhostLock) is a Linux kernel local privilege escalation. Cozystack is not exposed by design, and the fix is the same Talos v1.13.6 kernel upgrade.
The proper fix for CVE-2026-53359 (Januscape) and CVE-2026-46113 is a kernel bump, not disabling nested virtualization — with a Talos Linux upgrade runbook.
Cozystack v0.39 adds Cilium topology-aware routing, Windows VM scheduling with nodeAffinity, a major Talm tool overhaul with encryption support, and VMAgent for tenant namespace metrics.
Talm v0.17 introduces built-in age encryption for secure secrets management, making it easier to store sensitive configuration files in Git repositories while maintaining security best practices.
Talos Linux is a specialized operating system designed for running Kubernetes. In my opinion, it does that task better than others. First…
Main changes
Cozystack v0.23 updates Talos Linux to v1.9.2, adds Telegram severity filtering for alerts, introduces hooks for VM instance type updates, and updates the FluxCD Operator.
Cozystack v0.15 introduces OpenCost for resource cost tracking, adds Talos metal image and firmware updates, fixes the backup system, and resolves Kamaji OOM issues.