diff --git a/.github/workflows/.env/nightly-tests/max_versions.env b/.github/workflows/.env/nightly-tests/max_versions.env
index e6697d163b0..4c5f7de27be 100644
--- a/.github/workflows/.env/nightly-tests/max_versions.env
+++ b/.github/workflows/.env/nightly-tests/max_versions.env
@@ -1,5 +1,5 @@
 node_version='v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027'
-kubectl_version='v1.32.2'
+kubectl_version='v1.34.3'
 kind_version='v0.26.0'
 helm_version='v3.17.1'
 argocd_version='v2.14.2'
diff --git a/.github/workflows/.env/pr-tests/versions.env b/.github/workflows/.env/pr-tests/versions.env
index e6697d163b0..4c5f7de27be 100644
--- a/.github/workflows/.env/pr-tests/versions.env
+++ b/.github/workflows/.env/pr-tests/versions.env
@@ -1,5 +1,5 @@
 node_version='v1.32.0@sha256:c48c62eac5da28cdadcf560d1d8616cfa6783b58f0d94cf63ad1bf49600cb027'
-kubectl_version='v1.32.2'
+kubectl_version='v1.34.3'
 kind_version='v0.26.0'
 helm_version='v3.17.1'
 argocd_version='v2.14.2'
diff --git a/changelog/v1.19.11/bump-kubectl-1.34.3.yaml b/changelog/v1.19.11/bump-kubectl-1.34.3.yaml
new file mode 100644
index 00000000000..197980bbce1
--- /dev/null
+++ b/changelog/v1.19.11/bump-kubectl-1.34.3.yaml
@@ -0,0 +1,9 @@
+changelog:
+- type: DEPENDENCY_BUMP
+  dependencyOwner: rancher
+  dependencyRepo: kubectl
+  dependencyTag: v1.34.3
+  description: >-
+    Bump kubectl distroless image to 1.34.3 to fix CVE-2025-58183 and CVE-2025-61729
+  issueLink: https://github.com/solo-io/gloo/issues/11089
+  resolvesIssue: false
diff --git a/jobs/kubectl/Dockerfile b/jobs/kubectl/Dockerfile
index dd38a8e9ef5..3890dd4b8a5 100644
--- a/jobs/kubectl/Dockerfile
+++ b/jobs/kubectl/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 
-FROM rancher/kubectl:v1.34.1 as kubectl
+FROM rancher/kubectl:v1.34.3 as kubectl
 
 FROM $BASE_IMAGE
 
diff --git a/jobs/kubectl/Dockerfile.distroless b/jobs/kubectl/Dockerfile.distroless
index bed6cd83873..025681a0662 100644
--- a/jobs/kubectl/Dockerfile.distroless
+++ b/jobs/kubectl/Dockerfile.distroless
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE
 
-FROM rancher/kubectl:v1.34.1 as kubectl
+FROM rancher/kubectl:v1.34.3 as kubectl
 
 FROM $BASE_IMAGE