diff --git a/build/components/versions.yml b/build/components/versions.yml
index 6fa7777554..46dab0564b 100644
--- a/build/components/versions.yml
+++ b/build/components/versions.yml
@@ -3,7 +3,7 @@ firmware:
   libvirt: v10.9.0
   edk2: stable202411
 core:
-  3p-kubevirt: v1.6.2-v12n.38
+  3p-kubevirt: fix/network/net-admin
   3p-containerized-data-importer: v1.60.3-v12n.19
   distribution: 2.8.3
 package:
diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml
index 542d241165..7d4328262a 100644
--- a/images/virt-artifact/werf.inc.yaml
+++ b/images/virt-artifact/werf.inc.yaml
@@ -2,13 +2,14 @@
 # Source https://github.com/kubevirt/kubevirt/blob/v1.3.1/hack/dockerized#L15
 {{- $gitRepoName := "3p-kubevirt" }}
 {{- $gitRepoUrl := (printf "%s/%s" "deckhouse" $gitRepoName) }}
-{{- $tag := get $.Core $gitRepoName }}
-{{- $version := (split "-" $tag)._0 }}
+{{- $tag := "fix/network/net-admin" }}
+{{- $version := "v1.6.2" }}
 
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
 final: false
 fromImage: builder/src
+fromCacheVersion: "2026-05-28-2"
 secrets:
 - id: SOURCE_REPO
   value: {{ $.SOURCE_REPO }}
@@ -44,6 +45,7 @@ packages:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
+fromCacheVersion: "2026-05-28-2"
 mount:
 {{- include "mount points for golang builds" . }}
 secrets:
diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
index ec23dba725..6f94efca3f 100644
--- a/images/virt-launcher/werf.inc.yaml
+++ b/images/virt-launcher/werf.inc.yaml
@@ -2,6 +2,7 @@
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: true
 fromImage: {{ .ModuleNamePrefix }}distroless
+fromCacheVersion: "2026-05-28-4"
 git:
   {{- include "image mount points" . }}
 import:
@@ -135,6 +136,7 @@ packages:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-binaries
 final: false
 fromImage: {{ .ModuleNamePrefix }}base-alt-p11-binaries
+fromCacheVersion: "2026-05-28-4"
 git:
   # Add qemu and virtqemud configs
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/configs
@@ -392,8 +394,9 @@ shell:
     ln -s var/run run
 
   - |
-    setcap cap_net_bind_service=+ep /relocate/usr/bin/virt-launcher-monitor
-    setcap cap_net_bind_service=+ep /relocate/usr/bin/tini
+    setcap cap_net_bind_service,cap_net_admin=+ep /relocate/usr/bin/virt-launcher-monitor
+    setcap cap_net_bind_service,cap_net_admin=+ep /relocate/usr/bin/virt-launcher
+    setcap cap_net_bind_service,cap_net_admin=+ep /relocate/usr/bin/tini
 
   # /etc/libvirt-init will be copied back into /etc/libvirt at runtime. This is necessary because we configure libvirt to mount /etc/libvirt and set readOnlyRootFilesystem for other directories.
   # DO NOT REMOVE. node-labeler.sh uses /etc/libvirt.
@@ -404,6 +407,7 @@ shell:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-gobuilder
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
+fromCacheVersion: "2026-05-28-4"
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/node-labeller
     to: /node-labeller
@@ -456,6 +460,7 @@ shell:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-cbuilder
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
+fromCacheVersion: "2026-05-28-4"
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/static_binaries
     to: /static_binaries