diff --git a/.changelog/2204.txt b/.changelog/2204.txt
new file mode 100644
index 0000000000..6962f485a0
--- /dev/null
+++ b/.changelog/2204.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Bump Dockerfile base image for RedHat UBI `consul-k8s-control-plane` image to `ubi-minimal:9.2`. 
+```
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 43194ea7bf..52f94ec71c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -164,7 +164,7 @@ jobs:
         if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}}
         uses: addnab/docker-run-action@v3  # TSCCR: no entry for repository "addnab/docker-run-action"
         with:
-          image: registry.access.redhat.com/ubi8/ubi:latest
+          image: registry.access.redhat.com/ubi9/ubi:latest
           options: -v ${{ github.workspace }}:/work
           run: |
             dnf install -qy openssl
diff --git a/control-plane/Dockerfile b/control-plane/Dockerfile
index f9c4936b29..a870e20e2b 100644
--- a/control-plane/Dockerfile
+++ b/control-plane/Dockerfile
@@ -120,7 +120,7 @@ CMD /bin/${BIN_NAME}
 # We don't rebuild the software because we want the exact checksums and
 # binary signatures to match the software and our builds aren't fully
 # reproducible currently.
-FROM registry.access.redhat.com/ubi9-minimal:9.1.0 as ubi
+FROM registry.access.redhat.com/ubi9-minimal:9.2 as ubi
 
 ARG PRODUCT_NAME
 ARG PRODUCT_VERSION