## CVE-2026-22184 Unresolved in PHP 8.4 Alpine 3.23 Images Despite Rebuild, Trivy Scan Confirms
Automated security scanning has identified a persistent high-severity vulnerability affecting specific PHP 8.4 Docker images built on Alpine Linux 3.23. The vulnerability, tracked as CVE-2026-22184, is a known flaw in zlib version 1.3.1-r2; a patched package is available as version 1.3.2-r0.

The affected images include the PHP 8.4 CLI and FPM variants hosted in the GitHub Container Registry under the rafalmasiarek namespace, and both variants carry the vulnerability. Trivy security scans confirmed that the flaw remains present even after attempted rebuilds, indicating that the underlying Alpine 3.23.3 base image still references the vulnerable zlib package version. The specific image digests affected are sha256:5c7475be4a3e338c6604572bfc55dcb83e2def293d23b6b2c146ce978d38c3ef (cli) and sha256:c4bf4602682b261d0321dcf233ea908bf057404ba6ccf1a3ca1a242c2d50f15e (fpm).

Security teams monitoring containerized PHP deployments should verify whether their infrastructure pulls from affected Alpine 3.23 base images. The persistence of this CVE after rebuilds suggests a dependency on upstream Alpine repositories that have not yet propagated the patched zlib package. Organizations running PHP 8.4 in production environments using Alpine-based containers should prioritize upgrading to base images incorporating zlib 1.3.2-r0 or later once available. The workflow triggering this detection was build-php-images (Run ID: 24780420184), linked to commit 1027935c25c8f2eef501aba85015eadf99500f90.
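
A rebuild gate can tell "fix published but not yet installed" apart from "no fix published" by reading the scanner's JSON report. The following is an added example, not code from the build-php-images workflow: the sample report is constructed in the shape of Trivy's JSON output, the target name is a placeholder, `apk_key` and `unresolved` are hypothetical helper names, and the version comparison is simplified to plain `x.y.z-rN` apk versions.

```python
import json
import re

# Constructed sample shaped like `trivy image --format json` output; the
# target name is a placeholder, the versions are the ones named in the text.
SAMPLE_REPORT = json.dumps({
    "Results": [
        {"Target": "example/php:8.4-cli (alpine 3.23.3)", "Type": "alpine",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-2026-22184", "PkgName": "zlib",
              "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0",
              "Severity": "HIGH"}]},
        # Results with no findings carry no "Vulnerabilities" key.
        {"Target": "composer.lock", "Type": "composer"},
    ]
})


def apk_key(version):
    """Sort key for plain apk versions such as 1.3.1-r2 (assumption: no
    _alpha/_p suffixes or letter components, which real apk also allows)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported apk version: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def unresolved(report_json, cve_id):
    """Return (target, package, installed, fixed, status) for each hit."""
    findings = []
    for result in json.loads(report_json).get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            if v.get("VulnerabilityID") != cve_id:
                continue
            installed, fixed = v["InstalledVersion"], v.get("FixedVersion") or ""
            if not fixed:
                status = "no-fix-published"
            elif apk_key(installed) < apk_key(fixed):
                status = "fix-available-not-installed"
            else:
                status = "installed-at-or-above-fix"
            findings.append((result["Target"], v["PkgName"], installed, fixed, status))
    return findings


if __name__ == "__main__":
    for finding in unresolved(SAMPLE_REPORT, "CVE-2026-22184"):
        print(*finding)
```

A `fix-available-not-installed` result after a rebuild means the package set the build resolved still predates the fixed version, which matches the situation reported for these images.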

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE-2026-22184, zlib, Alpine 3.23, PHP 8.4, container security
- **Credibility**: unverified
- **Published**: 2026-04-22 20:27:31
- **ID**: 76074
- **URL**: https://whisperx.ai/en/intel/76074