## Security Alert: High-Severity CVE-2026-30883 Persists in Alpine 3.23 PHP Images
A critical security vulnerability, CVE-2026-30883, remains unpatched in widely used PHP container images, posing a persistent high-severity risk. An automated Trivy scan has confirmed the flaw is still present even after rebuild attempts, indicating a systemic supply chain issue. The vulnerability is rooted in outdated ImageMagick packages within the Alpine Linux 3.23.3 base layer, directly affecting PHP 8.5 runtime environments for both CLI and FPM variants.

The flaw specifically resides in three ImageMagick packages (`imagemagick`, `imagemagick-jpeg`, `imagemagick-libs`) at version `7.1.2.15-r0`. The fixed version, `7.1.2.17-r0`, has not been successfully integrated into the downstream images. Two specific container images from the `ghcr.io/rafalmasiarek/php` repository are confirmed to be affected, carrying their full SHA256 digests. The remediation status is alarming: zero hotfix scripts matched the issue, and a rebuild of the images failed to resolve the CVE, leaving the PHP 8.5 branches for both `cli` and `fpm` variants vulnerable.

This unresolved vulnerability creates significant exposure for any deployment or service relying on these specific container images. The persistence of the flaw after a rebuild suggests a deeper dependency chain problem within the Alpine 3.23 ecosystem that automated workflows have not yet corrected. It places immediate pressure on developers and DevOps teams to manually verify their image sources and implement alternative mitigation strategies until a patched base image is available and successfully propagated.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE, Container Security, Supply Chain, PHP, ImageMagick
- **Credibility**: unverified
- **Published**: 2026-03-31 07:27:07
- **ID**: 42632
- **URL**: https://whisperx.ai/en/intel/42632