diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index fe3fdda85af..f69c70eb453 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -104,7 +104,8 @@ jobs:
 uses: ./.github/actions/setup-go
 - name: Install Kubectl
 run: |
- curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ STABLE_VERSION=$(yq '.channels[] | select(.name == "stable") | .latest | sub("\+.*", "")' channel.yaml)
+ curl -LO "https://dl.k8s.io/release/${STABLE_VERSION}/bin/linux/amd64/kubectl"
 sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
 - name: "Download k3s binary"
 uses: actions/download-artifact@v7
diff --git a/scripts/image_scan.sh b/scripts/image_scan.sh
index 34cabc7ca1e..fc0ea9bcc0f 100755
--- a/scripts/image_scan.sh
+++ b/scripts/image_scan.sh
@@ -30,11 +30,12 @@ TRIVY_TEMPLATE='{{- $critical := 0 }}{{- $high := 0 }}
 {{- end -}} {{ end }} Vulnerabilities - Critical: {{ $critical }}, High: {{ $high }}{{ println }}'
-VEX_REPORT="rancher.openvex.json"
+VEX_REPORT="/tmp/rancher.openvex.json"
 # Download Rancher's VEX Hub standalone report
 curl -fsS -o ${VEX_REPORT} https://raw.githubusercontent.com/rancher/vexhub/refs/heads/main/reports/rancher.openvex.json
 trivy --quiet image --severity ${SEVERITIES} --vex ${VEX_REPORT} --no-progress --ignore-unfixed --format template --template "${TRIVY_TEMPLATE}" ${IMAGE}
+rm ${VEX_REPORT}
 exit 0
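Review bot: In the `Install Kubectl` step of `.github/workflows/e2e.yaml`, the pinned download still goes from `curl -LO` straight to `sudo install` with no failure or integrity check. Without `-f`, an empty `STABLE_VERSION` (for example when the `yq` filter matches no channel) makes curl save an HTTP error body as `kubectl`, which is then installed as a root-owned executable and only fails later in the job. I would use `curl -fsSLO` for the binary, fetch `kubectl.sha256` from the same release path, and run `echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check` before the install. The checksum is served by the same origin, so it guards against truncated or corrupted downloads rather than a compromised upstream. Earlier steps of the job are outside the hunk, so whether `yq` is available on the runner at this point is not visible here.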
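Review bot: In `scripts/image_scan.sh`, `VEX_REPORT="/tmp/rancher.openvex.json"` is a fixed, predictable name in a world-writable directory, and the new `rm ${VEX_REPORT}` only runs if the script reaches that line. On a shared host another local user could pre-create or swap that path, and because the file decides which findings trivy suppresses, that affects the scan result. I would create it with `VEX_REPORT="$(mktemp)"` and clean up with `trap 'rm -f "${VEX_REPORT}"' EXIT`, quoting the variable in the `curl` and `trivy` calls as well. The top of the script is outside the hunk, so whether `set -e` is in effect (which would skip the `rm` on a failed scan) cannot be confirmed from here.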