## Security Alert: CVE-2026-28692 Persists in Alpine 3.23 PHP Images, Automated Fix Fails
An automated security scan has flagged a persistent medium-severity vulnerability, CVE-2026-28692, in a set of PHP container images. The finding is tied to outdated ImageMagick packages and remains open even after the images were rebuilt, which points to a patching failure in the image build pipeline rather than a missing upstream fix. The affected images are the PHP 8.5 runtime images in both the `cli` and `fpm` variants, which continue to ship the unpatched packages.

The vulnerability is rooted in the Alpine Linux 3.23.3 base image and affects the `imagemagick`, `imagemagick-jpeg`, and `imagemagick-libs` packages. These packages are still at version `7.1.2.15-r0` in the images, while the patched version `7.1.2.17-r0` is already available. Two publicly listed container images from the `ghcr.io/rafalmasiarek/php` repository are confirmed as affected. Crucially, the automated remediation scripts failed to apply a hotfix, and a subsequent rebuild of the images did not remove the CVE, so the outdated packages survived the rebuild.
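The check a maintainer wants after a rebuild is whether the packages named above are actually at or beyond `7.1.2.17-r0` inside the image, independent of what the scanner reports. The following script is an added example, not code from the report or from the `ghcr.io/rafalmasiarek/php` project: it parses the `name-version-rN` lines printed by `apk info -v` inside an Alpine container and compares each package against a table of fixed versions using Alpine's version ordering (numeric components, then the `_alpha`/`_rc`/`_p` style suffix, then the `-rN` release). The package listing and the fixed-version table are constructed for this page from the versions quoted above; the script name and the image tag in the usage note are placeholders.

```python
"""Flag installed Alpine packages that are still below a known fixed version.

Added example for this page; it is not the affected project's own tooling.
Reads `apk info -v` output (one 'name-version-rN' line per package) and
reports packages older than the version that carries the fix.
"""
import re
import sys
from typing import Dict, Optional, Tuple

# Constructed sample that mimics `apk info -v` output from an affected PHP 8.5
# image; the ImageMagick versions are the ones quoted in the report above.
SAMPLE_APK_INFO = """\
alpine-baselayout-3.7.1-r0
busybox-1.37.0-r30
imagemagick-7.1.2.15-r0
imagemagick-jpeg-7.1.2.15-r0
imagemagick-libs-7.1.2.15-r0
musl-1.2.5-r10
"""

# Package -> first version that carries the fix (values taken from the report).
FIXED_VERSIONS = {
    "imagemagick": "7.1.2.17-r0",
    "imagemagick-jpeg": "7.1.2.17-r0",
    "imagemagick-libs": "7.1.2.17-r0",
}

# Package names may contain '-', so the version starts at the first '-<digit>'.
_PKG_LINE = re.compile(r"^(?P<name>.+?)-(?P<ver>\d[^-]*)-r(?P<rel>\d+)$")

# apk-tools suffix ordering: pre-release suffixes sort before the bare
# version, post-release suffixes after it (assumption: this table is enough
# for the versions handled here; exotic suffixes fall back to rank 0).
_SUFFIX_RANK = {"alpha": -5, "beta": -4, "pre": -3, "rc": -2, "": 0,
                "cvs": 1, "svn": 2, "git": 3, "hg": 4, "p": 5}


def parse_pkg_line(line: str) -> Optional[Tuple[str, str, int]]:
    """Split 'name-version-rN' into (name, version, release); None if malformed."""
    m = _PKG_LINE.match(line.strip())
    if not m:
        return None
    return m.group("name"), m.group("ver"), int(m.group("rel"))


def version_key(ver: str, rel: int) -> tuple:
    """Sortable key for an Alpine version string plus its -rN release number."""
    base, _, suffix = ver.partition("_")
    nums = []
    for part in base.split("."):
        digits = re.match(r"\d+", part)
        nums.append(int(digits.group()) if digits else 0)
    sm = re.match(r"([a-z]+)(\d*)", suffix)
    tag, num = (sm.group(1), sm.group(2)) if sm else ("", "")
    return (tuple(nums), _SUFFIX_RANK.get(tag, 0), int(num or 0), rel)


def is_older(installed: str, fixed: str) -> bool:
    """True when the installed 'version-rN' sorts before the fixed 'version-rN'."""
    iv, ir = installed.rsplit("-r", 1)
    fv, fr = fixed.rsplit("-r", 1)
    return version_key(iv, int(ir)) < version_key(fv, int(fr))


def vulnerable_packages(apk_info_output: str,
                        fixed: Dict[str, str] = FIXED_VERSIONS) -> Dict[str, Tuple[str, str]]:
    """Map each still-vulnerable package to (installed version, fixed version)."""
    found: Dict[str, Tuple[str, str]] = {}
    for line in apk_info_output.splitlines():
        parsed = parse_pkg_line(line)
        if parsed is None:
            continue
        name, ver, rel = parsed
        if name in fixed:
            installed = f"{ver}-r{rel}"
            if is_older(installed, fixed[name]):
                found[name] = (installed, fixed[name])
    return found


if __name__ == "__main__":
    # Pipe real `apk info -v` output in; with no stdin, use the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_APK_INFO
    hits = vulnerable_packages(text)
    for name, (have, need) in sorted(hits.items()):
        print(f"{name}: installed {have}, fixed in {need}")
    sys.exit(1 if hits else 0)
```

Run it against a freshly built image with something like `docker run --rm ghcr.io/rafalmasiarek/php:<tag> apk info -v | python3 check_apk.py` (tag and script name are placeholders); a non-zero exit means the rebuild did not pull the fixed package, regardless of what the scanner said. The same version comparison also catches the case where a package was bumped only in the `-rN` release.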

This incident highlights a gap in container security maintenance: an automated tool can detect the outdated package, but it cannot fix it when the build pipeline keeps reinstalling the old version. For an Alpine-based image, a rebuild only picks up `7.1.2.17-r0` if the build fetches a fresh package index (for example with `apk update` or `apk add --no-cache`), the configured mirror already carries the new package, the layer that installs ImageMagick is not served from the build cache, and the packages are not pinned to an exact version; `apk policy imagemagick` inside the image shows which versions the configured repositories actually offer. Until that is sorted out, any service built on these PHP 8.5 images keeps running the vulnerable packages, and maintainers of Alpine-based images should validate their build pipelines, since an outdated base layer propagates the same flaw into every image derived from it.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE, Container Security, Supply Chain, PHP, ImageMagick
- **Credibility**: unverified
- **Published**: 2026-03-31 07:27:10
- **ID**: 42634
- **URL**: https://whisperx.ai/en/intel/42634