## Security Alert: CVE-2026-28690 Persists in Alpine 3.23 PHP Images, Affects ImageMagick
A security vulnerability, CVE-2026-28690, remains unresolved in specific PHP container images, posing a persistent medium-severity risk. Automated scans confirm the flaw is still present even after rebuild attempts, indicating a systemic patching failure within the Alpine Linux 3.23 ecosystem. This unresolved exposure directly impacts production-ready PHP 8.5 environments, both CLI and FPM variants, leaving applications vulnerable to potential exploitation through the ImageMagick graphics library.

The vulnerability is rooted in outdated ImageMagick packages (version 7.1.2.15-r0) within the Alpine 3.23.3 base layer. The flaw affects three core packages: `imagemagick`, `imagemagick-jpeg`, and `imagemagick-libs`. The issue is confirmed in two specific public container images hosted on GitHub Container Registry (ghcr.io) under the `rafalmasiarek/php` repository. Despite remediation efforts, the CVE persists, with zero hotfix scripts successfully matched to address the underlying package versions.

This situation signals a significant supply chain security gap. Developers and organizations relying on these specific `rafalmasiarek/php:8.5` images for deployments are currently running a version with a known, unpatched vulnerability. The persistence of the flaw after a rebuild suggests the fix (`7.1.2.17-r0`) is not yet available or properly integrated into the upstream Alpine 3.23 repository, creating a dependency deadlock. This forces teams to either accept the risk, seek alternative base images, or manually patch the containers, increasing operational overhead and security scrutiny.
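
To confirm whether a given image still carries the affected packages, the installed versions can be compared against the fixed version named above. The following is an added example, not part of the original alert or of the image's own tooling; the function name `check_imagemagick` is hypothetical, and it assumes the input is an installed-package listing whose first field has the form `name-version-rN`.

```shell
#!/bin/sh
# Added example (not from the alert): flag ImageMagick packages below the fix.
FIXED="7.1.2.17-r0"   # fixed version named in the alert
PKGS="imagemagick imagemagick-jpeg imagemagick-libs"   # packages named in the alert

# Reads an installed-package listing on stdin, one "name-version-rN" per line
# (first field of `apk info -v` or `apk list --installed` output; assumption).
# Prints a verdict per affected package; exit status 1 if any is below FIXED.
# Simplification: only dotted numeric versions with an -rN revision are
# compared; `apk version -t A B` is the authoritative comparison on Alpine.
check_imagemagick() {
  awk -v fixed="$FIXED" -v pkgs="$PKGS" '
    # Compare two versions field by field; returns -1, 0 or 1.
    function cmp(a, b,    x, y, n, m, i, top) {
      gsub(/-r/, ".", a); gsub(/-r/, ".", b)
      n = split(a, x, "."); m = split(b, y, ".")
      top = (n > m) ? n : m
      for (i = 1; i <= top; i++) {
        if (x[i] + 0 < y[i] + 0) return -1
        if (x[i] + 0 > y[i] + 0) return 1
      }
      return 0
    }
    BEGIN { k = split(pkgs, p, " "); for (i = 1; i <= k; i++) want[p[i]] = 1 }
    # The version starts at the last "-<digit>" group followed by "-rN".
    match($1, /-[0-9][^-]*-r[0-9]+$/) {
      name = substr($1, 1, RSTART - 1)
      ver  = substr($1, RSTART + 1)
      if (!(name in want)) next
      if (cmp(ver, fixed) < 0) { print "VULNERABLE", name, ver; bad = 1 }
      else                     { print "OK", name, ver }
    }
    END { exit bad + 0 }
  '
}

# On a running container (not executed here):
#   apk info -v | check_imagemagick || echo "rebuild or replace the image"
```

Run as a CI gate after each rebuild, a non-zero exit status shows that the rebuild did not pull in the fixed packages.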

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE, Container Security, Supply Chain, PHP, ImageMagick
- **Credibility**: unverified
- **Published**: 2026-03-31 07:27:11
- **ID**: 42635
- **URL**: https://whisperx.ai/en/intel/42635