diff --git a/kernel.spec b/kernel.spec
index 592a417..a56c540 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.94.1.rt7.435.el8_10
+%define pkgrelease 553.95.1.rt7.436.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.94.1.rt7.435%{?dist}
+%define specrelease 553.95.1.rt7.436%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .435
+%global rtbuild .436
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2708,6 +2708,38 @@ fi
 #
 #
 %changelog
+* Thu Jan 15 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.95.1.rt7.436.el8_10]
+- NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() (Olga Kornievskaia) [RHEL-132819]
+- vsock: Ignore signal/timeout on connect() if already established (CKI Backport Bot) [RHEL-139273] {CVE-2025-40248}
+- scsi: lpfc: avoid crashing in lpfc_nlp_get() if lpfc_nodelist was freed (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Update PRLO handling in direct attached topology (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Add condition to delete ndlp object after sending BLS_RJT to an ABTS (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN processing for ndlps (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute for Fabric nodes (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Fix possible file string name overflow when updating firmware (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Validate ELS LS_ACC completion payload (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Fill in missing ndlp kref puts in error paths (Ewan D. Milne) [RHEL-32324]
+- scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login (Ewan D. Milne) [RHEL-32324]
+
 * Tue Jan 13 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.94.1.rt7.435.el8_10]
 - net: atlantic: fix fragment overflow handling in RX path (CKI Backport Bot) [RHEL-139482] {CVE-2025-68301}
 - smb: client: let recv_done verify data_offset, data_length and remaining_data_length (Paulo Alcantara) [RHEL-131387] {CVE-2025-39933}
diff --git a/sources b/sources
index 7e885dc..0eb8506 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (linux-4.18.0-553.94.1.rt7.435.el8_10.tar.xz) = 56246ffe7330d89bfb89fc3ef0870e2d97e16590e700c9dc75e5b2e25098fbcc82061874956d18c6e305e840d2b5a39d82ac6c2c36c43310a8abd9a6a455d574
+SHA512 (linux-4.18.0-553.95.1.rt7.436.el8_10.tar.xz) = 23e2d300c58fdad777605c1aaa80fd3098d67dcbbeaa7a3680ca6c0fbbba6c9f2f57bd67b0a20f833f03ca9ad30fe6bacd5609109b5b3957df8fcee9d9928853