diff --git a/Dockerfile b/Dockerfile
index 4594598d2..b69a7f429 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@
 # Note that multistage builds can leverage the tag applied (at build
 # time) to this container
 
-FROM --platform=linux/amd64 golang:1.25 AS golauncherbuild
+FROM --platform=linux/amd64 golang:1.26 AS golauncherbuild
 LABEL maintainer="engineering@kolide.co"
 
 # fake data or not?
diff --git a/ee/localserver/dt4a_auth_middleware.go b/ee/localserver/dt4a_auth_middleware.go
index d8d9f186a..da6c48267 100644
--- a/ee/localserver/dt4a_auth_middleware.go
+++ b/ee/localserver/dt4a_auth_middleware.go
@@ -293,8 +293,8 @@ func (c *chain) validate(trustedKeys map[string]*ecdsa.PublicKey) error {
 	// make a copy of the root key so that we can reassign it
 	parentEcdsa := &ecdsa.PublicKey{
 		Curve: rootKey.Curve,
-		X:     rootKey.X,
-		Y:     rootKey.Y,
+		X:     rootKey.X, //nolint:staticcheck
+		Y:     rootKey.Y, //nolint:staticcheck
 	}
 
 	var currentPayload payload
diff --git a/ee/localserver/dt4a_auth_middleware_test.go b/ee/localserver/dt4a_auth_middleware_test.go
index 0096c91d0..4b4561102 100644
--- a/ee/localserver/dt4a_auth_middleware_test.go
+++ b/ee/localserver/dt4a_auth_middleware_test.go
@@ -470,8 +470,8 @@ func toJWK(key any, kid string) (*jwk, error) {
 		}
 
 		// Encode x and y coordinates using base64 URL encoding (unpadded).
-		xStr := base64.RawURLEncoding.EncodeToString(k.X.Bytes())
-		yStr := base64.RawURLEncoding.EncodeToString(k.Y.Bytes())
+		xStr := base64.RawURLEncoding.EncodeToString(k.X.Bytes()) //nolint:staticcheck
+		yStr := base64.RawURLEncoding.EncodeToString(k.Y.Bytes()) //nolint:staticcheck
 
 		return &jwk{
 			Curve: crv,
diff --git a/go.mod b/go.mod
index ccf05a753..f8f386d56 100644
--- a/go.mod
+++ b/go.mod
@@ -174,6 +174,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-go 1.25.9
+go 1.26.2
 
 replace github.com/go-ole/go-ole v1.3.0 => github.com/kolide/go-ole v0.0.0-20241008210444-65130153c767