diff --git a/.gitignore b/.gitignore
index 80776a4..6d79607 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
-SOURCES/linux-4.18.0-553.109.1.rt7.450.el8_10.tar.xz
+SOURCES/linux-4.18.0-553.111.1.rt7.452.el8_10.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer
diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata
index 9c64e19..c394175 100644
--- a/.kernel-rt.metadata
+++ b/.kernel-rt.metadata
@@ -1,6 +1,6 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-04e249010df8f9252dffa7b880c10483c07be877 SOURCES/linux-4.18.0-553.109.1.rt7.450.el8_10.tar.xz
+213f9df5dd43fbdd954d8a515e121103b58470d7 SOURCES/linux-4.18.0-553.111.1.rt7.452.el8_10.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index e5bfba9..aa56dca 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.109.1.rt7.450.el8_10
+%define pkgrelease 553.111.1.rt7.452.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.109.1.rt7.450%{?dist}
+%define specrelease 553.111.1.rt7.452%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .450
+%global rtbuild .452
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2720,7 +2720,7 @@ fi
 #
 #
 %changelog
-* Mon Mar 02 2026 Andrei Lukoshko <alukoshko@almalinux.org> - 4.18.0-553.109.1.rt7.450
+* Mon Mar 09 2026 Andrei Lukoshko <alukoshko@almalinux.org> - 4.18.0-553.111.1.rt7.452
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -2731,10 +2731,20 @@ fi
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
   unmaintained
 
-* Mon Mar 02 2026 Eduard Abdullin <eabdullin@almalinux.org> - 4.18.0-553.109.1.rt7.450
+* Mon Mar 09 2026 Eduard Abdullin <eabdullin@almalinux.org> - 4.18.0-553.111.1.rt7.452
 - Use AlmaLinux OS secure boot cert
 - Debrand for AlmaLinux OS
 
+* Sat Feb 28 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.111.1.rt7.452.el8_10]
+- macvlan: fix possible UAF in macvlan_forward_source() (Hangbin Liu) [RHEL-144120] {CVE-2026-23001}
+
+* Thu Feb 26 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.110.1.rt7.451.el8_10]
+- pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN (Olga Kornievskaia) [RHEL-131922]
+- fbcon: Avoid using FNTCHARCNT() and hard-coded built-in font charcount (Jocelyn Falempe) [RHEL-148636]
+- audit: Use the new {get,put}_fs_pwd_pool() APIs to get/put pwd references (Waiman Long) [RHEL-146026]
+- fs: Add a pool of extra fs->pwd references to fs_struct (Waiman Long) [RHEL-146026]
+- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CKI Backport Bot) [RHEL-143535] {CVE-2025-71085}
+
 * Tue Feb 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.109.1.rt7.450.el8_10]
 - migrate: correct lock ordering for hugetlb file folios (Luiz Capitulino) [RHEL-147261] {CVE-2026-23097}