diff --git a/.gitignore b/.gitignore
index 00e9b94..8b4c805 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
-SOURCES/linux-4.18.0-553.84.1.rt7.425.el8_10.tar.xz
+SOURCES/linux-4.18.0-553.85.1.rt7.426.el8_10.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer
diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata
index d12fd15..040b31e 100644
--- a/.kernel-rt.metadata
+++ b/.kernel-rt.metadata
@@ -1,6 +1,6 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-1b1b5f52a9068311c088c748ee3410dbc63299f2 SOURCES/linux-4.18.0-553.84.1.rt7.425.el8_10.tar.xz
+6bd37a353de1e8e759f772cae342584faf5bf948 SOURCES/linux-4.18.0-553.85.1.rt7.426.el8_10.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
diff --git a/SOURCES/rpminspect.yaml b/SOURCES/rpminspect.yaml
index 2890de6..597711f 100644
--- a/SOURCES/rpminspect.yaml
+++ b/SOURCES/rpminspect.yaml
@@ -26,6 +26,8 @@ emptyrpm:
         - kernel-debug
         - kernel-zfcpdump
         - kernel-zfcpdump-modules
+        - kernel-rt
+        - kernel-rt-debug
 
 specname:
     match: prefix
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 47f5f51..6748696 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.84.1.rt7.425.el8_10
+%define pkgrelease 553.85.1.rt7.426.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.84.1.rt7.425%{?dist}
+%define specrelease 553.85.1.rt7.426%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .425
+%global rtbuild .426
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2708,6 +2708,23 @@ fi
 #
 #
 %changelog
+* Thu Nov 13 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.85.1.rt7.426.el8_10]
+- i40e: add mask to apply valid bits for itr_idx (Michal Schmidt) [RHEL-123799]
+- i40e: add max boundary check for VF filters (Michal Schmidt) [RHEL-123799] {CVE-2025-39968}
+- i40e: fix validation of VF state in get resources (Michal Schmidt) [RHEL-123799] {CVE-2025-39969}
+- i40e: fix input validation logic for action_meta (Michal Schmidt) [RHEL-123799] {CVE-2025-39970}
+- i40e: Fix filter input checks to prevent config with invalid values (Michal Schmidt) [RHEL-123799]
+- i40e: fix idx validation in config queues msg (Michal Schmidt) [RHEL-123799] {CVE-2025-39971}
+- i40e: fix: remove needless retries of NVM update (Michal Schmidt) [RHEL-123799]
+- i40e: remove i40e_status (Michal Schmidt) [RHEL-123799]
+- i40e: fix idx validation in i40e_validate_queue_map (Michal Schmidt) [RHEL-123799] {CVE-2025-39972}
+- i40e: add validation for ring_len param (Michal Schmidt) [RHEL-123799] {CVE-2025-39973}
+- i40e: increase max descriptors for XL710 (Michal Schmidt) [RHEL-123799]
+- drm/nouveau: Don't create connectors that aren't in disp.conn_mask (Lyude Paul) [RHEL-22122]
+- NFS: Fix a race when updating an existing write (Olga Kornievskaia) [RHEL-113849] {CVE-2025-39697}
+- nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests (Olga Kornievskaia) [RHEL-113849] {CVE-2025-39697}
+- The rpminspect.yaml emptyrpm list needs to be expanded (Alexandra Hájková)
+
 * Thu Nov 06 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.84.1.rt7.425.el8_10]
 - cgroup: don't put ERR_PTR() into fc->root (CKI Backport Bot) [RHEL-123775]
 - vsock/virtio: Validate length in packet header before skb_put() (Jon Maloy) [RHEL-114296] {CVE-2025-39718}