<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Talos on Cozystack</title><link>https://cozystack.io/article_types/talos/</link><description>Recent content in Talos on Cozystack</description><generator>Hugo</generator><language>en</language><lastBuildDate>Tue, 14 Jul 2026 12:41:29 +0500</lastBuildDate><atom:link href="https://cozystack.io/article_types/talos/index.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-43499 (GhostLock): Cozystack Exposure Assessment</title><link>https://cozystack.io/blog/2026/07/cve-2026-43499-ghostlock-cozystack-exposure-assessment/</link><pubDate>Tue, 14 Jul 2026 00:00:00 +0000</pubDate><guid>https://cozystack.io/blog/2026/07/cve-2026-43499-ghostlock-cozystack-exposure-assessment/</guid><description>&lt;p&gt;&lt;img src="https://cozystack.io/blog/2026/07/cve-2026-43499-ghostlock-cozystack-exposure-assessment/ghostlock-cozystack-assessment.png" alt="Security Advisory: CVE-2026-43499 (GhostLock) — Cozystack Exposure Assessment"&gt;&lt;/p&gt;
&lt;p&gt;Third CVE this week — but good news: Cozystack isn&amp;rsquo;t exposed by design, and the fix is the same v1.13.6 upgrade you already know. Details below.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;TL;DR:&lt;/strong&gt; 
&lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2026-43499" target="_blank"&gt;CVE-2026-43499 (&amp;ldquo;GhostLock&amp;rdquo;)&lt;/a&gt; is a Linux kernel local privilege escalation. By the design of Cozystack, we currently see no viable attack path for a tenant to reach the affected host kernel surface. We still recommend the fix — and it is the &lt;strong&gt;same Talos v1.13.6 upgrade&lt;/strong&gt; that closes 
&lt;a href="https://cozystack.io/blog/2026/07/fixing-cve-2026-53359-januscape-talos-linux/"&gt;Januscape (CVE-2026-53359) and CVE-2026-46113&lt;/a&gt;. One move to v1.13.6 closes all three.&lt;/p&gt;</description></item><item><title>Fixing CVE-2026-53359 (Januscape) and CVE-2026-46113 on Talos Linux</title><link>https://cozystack.io/blog/2026/07/fixing-cve-2026-53359-januscape-talos-linux/</link><pubDate>Tue, 14 Jul 2026 00:00:00 +0000</pubDate><guid>https://cozystack.io/blog/2026/07/fixing-cve-2026-53359-januscape-talos-linux/</guid><description>&lt;p&gt;&lt;img src="https://cozystack.io/blog/2026/07/fixing-cve-2026-53359-januscape-talos-linux/januscape-talos-fix.png" alt="Fixing CVE-2026-53359 (Januscape) and CVE-2026-46113 on Talos Linux"&gt;&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Update on CVE-2026-53359 (&amp;ldquo;Januscape&amp;rdquo;): the proper fix is here.&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;Our 
&lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2026-53359" target="_blank"&gt;earlier mitigation&lt;/a&gt; was a hotfix — a temporary, forced measure. The proper fix is now available, so the hotfix is no longer needed.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;TL;DR:&lt;/strong&gt; Disabling nested virtualization is no longer needed. It was a hotfix, and for some setups it wasn&amp;rsquo;t even possible. The real fix is a kernel bump. If you already applied the hotfix, roll it back and upgrade instead.&lt;/p&gt;</description></item></channel></rss>