The Top 50 Products Reaching End of Life in 2026 The definitive list of software, runtimes, operating systems, databases, and hardware ending support in 2026. For each product: the exact date, the CVE risk level, and what to do about it. Every year, dozens of major software products reach end of life. Vendors stop issuing security patches. CVEs accumulate indefinitely. And most organizations only find out when something breaks — or when an attacker finds out first. 2026 is a particularly heavy year for EOL events. Major runtime versions, widely deployed operating systems, core databases, and critical enterprise hardware are all crossing their support thresholds this year. This list covers the 50 most impactful — ranked by deployment breadth and security consequence. The CVE blind spot: Products marked Past EOL are no longer receiving security patches. Every CVE disclosed against them after their EOL date accumulates indefinitely. Most vulnerability scanners do not flag this. It is the most underestimated risk in enterprise security. Each entry shows the product, version, EOL date, and a CVE risk rating based on the product's attack surface, deployment breadth, and historical vulnerability frequency. Critical means this product has been actively exploited in the wild and represents an urgent remediation priority. High means significant exposure with documented CVEs. Medium means lower deployment breadth or lower historical vulnerability frequency. These products reached end of life before May 2026. Every day you run them is another day of unpatched CVE exposure. These are not future risks — they are current ones. # Product Version EOL Date CVE Risk Action 01 Windows 10 All editions Oct 14, 2025 🔴 Critical Migrate to Windows 11 or enroll in ESU 02 Node.js 20 20.x LTS Apr 30, 2026 🔴 Critical Upgrade to Node.js 22 or 24 03 MySQL 8.0 8.0.x Apr 30, 2026 🔴 Critical Upgrade to MySQL 8.4 LTS 04 Python 3.9 3.9.x Oct 5, 2025 🔴 Critical Migrate to Python 3.11 or 3.12 05 PHP 8.1 8.1.x Dec 31, 2025 🔴 Critical Upgrade to PHP 8.3 or 8.4 06 Ubuntu 20.04 LTS Focal Fossa Apr 2, 2025 🔴 Critical Upgrade to Ubuntu 22.04 or 24.04 07 Node.js 18 18.x LTS Apr 30, 2025 🔴 Critical Upgrade to Node.js 22 or 24 08 Ruby 3.1 3.1.x Mar 31, 2025 🟠 High Upgrade to Ruby 3.3 or 3.4 09 Redis 7.0 7.0.x Jul 31, 2025 🟠 High Upgrade to Redis 8.x or evaluate Valkey 10 Django 4.2 LTS 4.2.x Apr 1, 2026 🟠 High Upgrade to Django 5.2 LTS 11 Amazon Linux 2 AL2 Jun 30, 2025 🔴 Critical Migrate to Amazon Linux 2023 12 Kubernetes 1.29 1.29.x Feb 28, 2026 🟠 High Upgrade to Kubernetes 1.32 or 1.33 13 Kubernetes 1.30 1.30.x Jun 28, 2026 🟠 High Upgrade to Kubernetes 1.32 or 1.33 14 Angular 17 17.x May 15, 2025 🟠 High Upgrade to Angular 19 or 20 15 .NET 7 7.x May 14, 2024 🟠 High Upgrade to .NET 8 or .NET 9 16 MongoDB 6.0 6.0.x Oct 1, 2025 🟠 High Upgrade to MongoDB 7.0 or 8.0 17 Rails 7.0 7.0.x Apr 1, 2025 🟠 High Upgrade to Rails 7.2 or 8.0 18 Laravel 10 10.x Feb 4, 2025 🟠 High Upgrade to Laravel 11 or 12 19 Go 1.23 1.23.x Aug 1, 2025 🟡 Medium Upgrade to Go 1.24 20 OpenSSL 3.1 3.1.x Mar 14, 2025 🔴 Critical Upgrade to OpenSSL 3.3 or 3.4 LTS These products reach end of life between now and December 31, 2026. Migration projects for the items in this section need to be underway now — not started when the date arrives. # Product Version EOL Date CVE Risk Action 21 Redis 7.2 7.2.x Jul 31, 2026 🟠 High Plan upgrade to Redis 8.x or Valkey 22 Python 3.10 3.10.x Oct 4, 2026 🔴 Critical Migrate to Python 3.11 or 3.12 23 PHP 8.2 8.2.x Dec 31, 2026 🟠 High Upgrade to PHP 8.3 or 8.4 24 Java 17 LTS 17.x Sep 30, 2026 🔴 Critical Migrate to Java 21 or 25 LTS 25 .NET 8 8.x Nov 10, 2026 🟠 High Plan upgrade to .NET 9 or .NET 10 26 Kubernetes 1.31 1.31.x Oct 28, 2026 🟠 High Plan upgrade to 1.33 27 Angular 18 18.x Nov 20, 2026 🟠 High Plan upgrade to Angular 19 or 20 28 Debian 11 Bullseye Bullseye Jun 30, 2026 🔴 Critical Upgrade to Debian 12 Bookworm 29 PostgreSQL 14 14.x Nov 12, 2026 🟠 High Upgrade to PostgreSQL 16 or 17 30 OpenSSL 3.0 LTS 3.0.x Sep 7, 2026 🔴 Critical Upgrade to OpenSSL 3.4 LTS 31 Ruby 3.2 3.2.x Mar 31, 2026 🟠 High Upgrade to Ruby 3.3 or 3.4 32 MariaDB 10.6 10.6.x Jul 6, 2026 🟠 High Upgrade to MariaDB 10.11 LTS or 11.4 LTS 33 Spring Framework 5.3 5.3.x Dec 31, 2026 🟠 High Migrate to Spring Framework 6.x 34 Windows 11 23H2 23H2 Nov 10, 2026 🟠 High Update to Windows 11 24H2 35 Docker Engine 25 25.x Dec 1, 2026 🟡 Medium Upgrade to Docker Engine 26 or 27 36 Angular 19 19.x May 22, 2026 🟠 High Upgrade to Angular 20 37 Dell EMC Unity 300/400/500 Storage Dec 31, 2026 🟠 High Migrate to Dell PowerStore 38 Kubernetes 1.32 1.32.x Feb 28, 2027 🟠 High Plan upgrade to 1.33 or 1.34 39 Go 1.24 1.24.x Feb 1, 2027 🟡 Medium Plan upgrade when Go 1.25 releases 40 OpenSSL 3.3 3.3.x Apr 9, 2026 🔴 Critical Upgrade to OpenSSL 3.4 LTS immediately Hardware EOSL has the longest lead times and the highest remediation cost. These items should be in capital planning conversations now. # Product Platform EOSL Date Risk Action 41 Cisco Catalyst 3650/3850 Switching Oct 31, 2025 🔴 Critical Replace with Catalyst 9300 series 42 Cisco ASA 5508-X / 5516-X Firewall Aug 31, 2027 🔴 Critical Migrate to Cisco Firepower 1000/2100 43 HPE ProLiant Gen 9 DL360/DL380 Jan 31, 2024 🔴 Critical Replace with Gen 10 or Gen 11 44 Dell PowerEdge 13G R630/R730 Oct 31, 2023 🔴 Critical Replace with PowerEdge 15G or 16G 45 Dell EMC VNX/VNX2 Storage Dec 31, 2023 🔴 Critical Migrate to Dell PowerStore These products reach EOL in Q1 2027. Migration projects should be scoped and resourced before year-end 2026. # Product Version EOL Date CVE Risk Action 46 Node.js 22 LTS 22.x Apr 30, 2027 🟠 High Begin planning migration to Node.js 24 47 PostgreSQL 15 15.x Nov 11, 2027 🟠 High Plan upgrade to PostgreSQL 17 48 Django 5.0 5.0.x Apr 1, 2026 🟠 High Upgrade to Django 5.2 LTS 49 Ruby 3.3 3.3.x Mar 31, 2027 🟡 Medium Plan upgrade to Ruby 3.4 50 Laravel 11 11.x Aug 5, 2026 🟠 High Plan upgrade to Laravel 12 Cross-reference every item against your actual production stack. For any match, create a tracked ticket with an owner and a deadline. Don't leave it as a note — it needs to be in your issue tracker, assigned, with a date. For items already past EOL: These are your immediate priorities. Apply compensating controls — network segmentation, enhanced monitoring, restricted access — while migration is underway. Do not wait for the migration to be complete before implementing controls. For items EOL within 6 months: Migration projects should already be scoped. If they aren't, start the scoping conversation this week. Six months is enough runway if you start now. Two months is not. For items EOL in 2027: These belong in your annual planning conversation. Budget and resource them now so there is no scramble when the date arrives. The board conversation: This list is the starting point for quantifying EOL risk in terms your board understands. Each item past EOL represents an open vulnerability class with no patch path. The cost to remediate is known. The cost of a breach is estimable. The expected loss calculation belongs in every board risk report. This list is a starting point. To see which of these affect your stack specifically, upload your dependency file to the Stack Scanner at endoflife.ai — free, no account required, results in seconds. You can also check any individual product's full version lifecycle at endoflife.ai — 450+ products covered. Data sourced from endoflife.date, NIST NVD, CISA KEV catalog, and official vendor lifecycle pages. List updated quarterly. Tags: security devops webdev career