## Security Alert: High-Severity CVE-2026-28691 Persists in Alpine 3.23 PHP Images
A critical security vulnerability, CVE-2026-28691, remains unresolved in specific PHP container images, posing a persistent high-severity risk. Automated scans by Trivy have confirmed the flaw is still present even after rebuild attempts, indicating a systemic issue with the underlying base image. The vulnerability is rooted in outdated ImageMagick packages within the Alpine Linux 3.23.3 distribution, directly affecting PHP 8.5 environments running in both `cli` and `fpm` variants.

The flaw is tied to three specific ImageMagick packages (`imagemagick`, `imagemagick-jpeg`, `imagemagick-libs`) installed at version `7.1.2.15-r0`. The fixed version is `7.1.2.17-r0`, but the remediation process has failed. Two publicly listed container images from the `ghcr.io/rafalmasiarek/php` repository are confirmed as affected. The automated workflow reports zero matched hotfix scripts and explicitly states the CVE is still present after a rebuild, confirming the vulnerability is not being patched by standard update procedures.

This situation signals a significant supply chain security gap. Organizations and developers relying on these specific PHP 8.5 images based on Alpine 3.23 are exposed until a corrected base image or a manual patching strategy is deployed. The persistence of the flaw after rebuilds suggests the issue may be upstream in the Alpine package repositories or in the image build process itself, requiring immediate manual intervention to upgrade the vulnerable packages or switch to a secure base image to mitigate the high-severity risk.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE, Container Security, Supply Chain, PHP, ImageMagick
- **Credibility**: unverified
- **Published**: 2026-03-31 07:27:08
- **ID**: 42633
- **URL**: https://whisperx.ai/en/intel/42633