Security Alert: CVE-2026-31853 Persists in Alpine 3.23 PHP Images, Affects ImageMagick
A vulnerability rated medium severity, CVE-2026-31853, remains unresolved in specific PHP container images. Automated scans confirm the flaw is still present after the images were rebuilt, which points not at the CVE itself but at the build pipeline: the rebuilt images still ship the unpatched package. While that state persists, every deployment of the affected images stays exposed to whatever exploitation the flaw permits.
The vulnerability is rooted in outdated ImageMagick packages within the Alpine Linux 3.23.3 base image. Specifically, the `imagemagick`, `imagemagick-jpeg`, and `imagemagick-libs` packages at version `7.1.2.15-r0` are affected; the fix is in `7.1.2.17-r0`. The affected images are PHP 8.5 runtimes, in both the `cli` and `fpm` variants, so the vulnerable ImageMagick is present wherever either variant is deployed, not only in web-facing FPM pools. Two publicly listed container images from the `ghcr.io/rafalmasiarek/php` repository are confirmed vulnerable; the report identifies them by SHA256 digest, and operators should compare the digest of the image they actually run against those listed rather than rely on the tag, since a rebuild moves the tag without necessarily changing what is inside.
This situation signals a breakdown in the standard remediation workflow. The report notes that zero hotfix scripts matched the issue, and a rebuild of the images failed to eliminate the CVE. Persistence across rebuilds means the build is not picking up the patched package: the base image layer or the package index it resolves against still predates `7.1.2.17-r0`, or the build pins the package at the old version. A rebuild that does not change one of those inputs will reproduce the finding every time, so a clean scanner run on a new tag is not evidence of a fix. Teams relying on these images should verify the installed package versions inside the image they deploy, and either move to a base image that already carries the fixed package or force the upgrade of the three packages explicitly in the build and confirm the result before promoting the image.
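The verification step above, written out as an added example (not code from the report or from the `ghcr.io/rafalmasiarek/php` project): a POSIX shell script that reads `apk info -v` output and flags any of the three packages still below the fixed version, so a rebuilt image can be checked directly instead of trusting the scanner's view of its tag. The package names and versions come from the report; the `scan_image` wrapper, the `docker run --entrypoint apk` invocation, the simplified `X.Y.Z-rN` version comparison and the sample listings are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the report): flag Alpine packages in a PHP image that
# are still below the version carrying the CVE-2026-31853 fix.

FIXED=7.1.2.17-r0                                      # fixed version named in the report
WATCH='imagemagick imagemagick-jpeg imagemagick-libs'  # packages named in the report

# apk_lt A B: exit 0 when version A sorts before version B.
# Assumes apk's "X.Y.Z-rN" form as used in the report (numeric components,
# no _p/_git suffixes); that simplification is this example's assumption.
apk_lt() {
  a=${1%-r*}; ra=${1##*-r}; [ "$ra" = "$1" ] && ra=0
  b=${2%-r*}; rb=${2##*-r}; [ "$rb" = "$2" ] && rb=0
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    [ "${x:-0}" -lt "${y:-0}" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 1
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
  done
  [ "$ra" -lt "$rb" ]
}

# check_packages FIXED PKG...: read "name-version" lines (the format of
# `apk info -v`) from stdin; print each watched package older than FIXED.
# Exit status 0 = every watched package is at or beyond FIXED, 1 = one lags.
check_packages() {
  fixed=$1; shift
  status=0
  while IFS= read -r line; do
    rev=${line##*-}; rest=${line%-*}        # "r0" and "imagemagick-jpeg-7.1.2.15"
    upstream=${rest##*-}; name=${rest%-*}   # "7.1.2.15" and "imagemagick-jpeg"
    case $rev in r[0-9]*) ;; *) continue ;; esac       # skip lines that are not packages
    case $upstream in [0-9]*) ;; *) continue ;; esac
    for pkg in "$@"; do
      if [ "$name" = "$pkg" ] && apk_lt "$upstream-$rev" "$fixed"; then
        printf '%s %s < %s\n' "$name" "$upstream-$rev" "$fixed"
        status=1
      fi
    done
  done
  return $status
}

# scan_image IMAGE: run the check inside a real image (needs Docker and network
# access, so it is not exercised in the demo). Pass the image by digest
# (name@sha256:...) when the report gives one, so the exact flagged artifact is
# tested rather than whatever the tag currently points at.
# $WATCH is deliberately unquoted so it expands to three arguments.
scan_image() {
  docker run --rm --entrypoint apk "$1" info -v | check_packages "$FIXED" $WATCH
}

# Constructed sample listings in `apk info -v` form (built for this example,
# not real scanner output): the versions the report calls vulnerable, and the
# fixed ones a correct rebuild should show.
SAMPLE_BEFORE='examplepkg-1.0-r0
imagemagick-7.1.2.15-r0
imagemagick-jpeg-7.1.2.15-r0
imagemagick-libs-7.1.2.15-r0'
SAMPLE_AFTER='examplepkg-1.0-r0
imagemagick-7.1.2.17-r0
imagemagick-jpeg-7.1.2.17-r0
imagemagick-libs-7.1.2.17-r0'

# Demo: the "before" listing reproduces the report's finding; the "after" one is clean.
printf '%s\n' "$SAMPLE_BEFORE" | check_packages "$FIXED" $WATCH || echo "rebuild still ships vulnerable ImageMagick"
printf '%s\n' "$SAMPLE_AFTER"  | check_packages "$FIXED" $WATCH && echo "fixed packages present"
```

Run `scan_image ghcr.io/rafalmasiarek/php@sha256:<digest from the report>` against each flagged image and again against the rebuilt one; a non-zero exit with the three packages listed means the rebuild changed nothing that matters. If the Alpine 3.23 package index the build resolves against does not yet offer `7.1.2.17-r0`, no amount of rebuilding will pass this check, and the fix has to come from a newer base image or an explicit upgrade of the three packages in the build.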