The newest release of Kulupu is not vulnerable to the DoS vector mentioned in Polkadot v0.8.26-1 release note. You can continue to use Kulupu node version v2.3.0.
We always update all crate packages to its newest possible version every time when we update Substrate, so it just happens that we already bumped past the vulnerable package since last release in October. Watch Polkadot development channels if you want to learn more about this DoS vector.
Core developer at Parity Technologies, working on Substrate, Polkadot and Ethereum.
Core Paper's Mastodon server.