diff --git a/patches/siderolabs/talos/0008-imager-respect-insecure-for-Overlay-and-OverlayInsta.patch b/patches/siderolabs/talos/0008-imager-respect-insecure-for-Overlay-and-OverlayInsta.patch
new file mode 100644
index 0000000..fe1ea40
--- /dev/null
+++ b/patches/siderolabs/talos/0008-imager-respect-insecure-for-Overlay-and-OverlayInsta.patch
@@ -0,0 +1,42 @@
+From e2bacf8336c63a4d11a54f3978fc15e8bf4362ce Mon Sep 17 00:00:00 2001
+From: Mathias Beaulieu-Duncan <mathias@svrnty.io>
+Date: Mon, 25 May 2026 17:20:32 -0400
+Subject: [PATCH] imager: respect --insecure for Overlay and OverlayInstaller
+ assets
+
+The --insecure flag on talosctl imager (and the imager docker image) only
+applied to BaseInstaller, ImageCache, and SystemExtensions assets.
+Overlay.Image and Input.OverlayInstaller never received ForceInsecure,
+so pulling overlay images from an insecure (HTTP) registry failed with
+'http: server gave HTTP response to HTTPS client' even when --insecure
+was passed.
+
+Set ForceInsecure on both overlay-related ContainerAsset references
+when the flag is present, matching how the other inputs are handled.
+---
+ cmd/installer/cmd/imager/root.go | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/cmd/installer/cmd/imager/root.go b/cmd/installer/cmd/imager/root.go
+index d65b56089..ea16a45b3 100644
+--- a/cmd/installer/cmd/imager/root.go
++++ b/cmd/installer/cmd/imager/root.go
+@@ -120,12 +120,14 @@ var rootCmd = &cobra.Command{
+ 					prof.Overlay = &profile.OverlayOptions{
+ 						Name: cmdFlags.OverlayName,
+ 						Image: profile.ContainerAsset{
+-							ImageRef: cmdFlags.OverlayImage,
++							ImageRef:      cmdFlags.OverlayImage,
++							ForceInsecure: cmdFlags.Insecure,
+ 						},
+ 						ExtraOptions: extraOverlayOptions,
+ 					}
+ 
+ 					prof.Input.OverlayInstaller.ImageRef = cmdFlags.OverlayImage
++					prof.Input.OverlayInstaller.ForceInsecure = cmdFlags.Insecure
+ 				}
+ 
+ 				prof.Input.SystemExtensions = xslices.Map(
+-- 
+2.50.1 (Apple Git-155)
+