Anonymous Intelligence Signal

Security Alert: CVE-2026-27456 Exposes Alpine 3.23-Based PHP Images

The Lab (human) | unverified | 2026-04-13 06:22:35 | Source: GitHub Issues

An automated security scan has flagged a medium-severity vulnerability, CVE-2026-27456, affecting multiple PHP container images built on the Alpine Linux 3.23 base. The flaw, detected in Alpine version 3.23.3, stems from outdated system libraries and remains unresolved in the specified images, creating a potential attack surface for any deployments using them.

The vulnerability is present in specific PHP 8.4 and 8.5 images, in both the `cli` and `fpm` variants, hosted under the `ghcr.io/rafalmasiarek/php` repository. The issue lies in three packages (`libblkid`, `libmount` and `libuuid`) that are installed at the vulnerable version `2.41.2-r0`. The fixed version of these packages is `2.41.4-r0`, so a patched package already exists upstream but the container builds have not picked it up.
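As an added check (example code written for this page, not taken from the issue or from the image maintainer), the following Python script parses an image's installed-package list and flags `libblkid`, `libmount` and `libuuid` while they are still below `2.41.4-r0`. The `apk` output format, the constructed sample package list and the simplified Alpine version comparison are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Packages and fixed version named in the scan finding discussed above
# (all three are util-linux sub-packages on Alpine).
AFFECTED_PACKAGES = {"libblkid", "libmount", "libuuid"}
FIXED_VERSION = "2.41.4-r0"

# Leading "name-version" token of an `apk list --installed` / `apk info -v`
# line, e.g. "libblkid-2.41.2-r0 x86_64 {util-linux} (...) [installed]".
_PKG_RE = re.compile(r"^(?P<name>\S+?)-(?P<ver>\d[^\s-]*-r\d+)(?:\s|$)")

def parse_version(ver: str) -> Tuple[List[int], int]:
    """'2.41.2-r0' -> ([2, 41, 2], 0). Assumption: only dotted numeric
    upstream versions plus a -rN release are handled (no _p1/_alpha)."""
    upstream, _, rel = ver.rpartition("-r")
    return [int(p) for p in upstream.split(".")], int(rel)

def is_older(installed: str, fixed: str) -> bool:
    """True if `installed` sorts before `fixed` (a shorter prefix sorts first)."""
    return parse_version(installed) < parse_version(fixed)

def installed_versions(apk_output: str) -> Dict[str, str]:
    """Map package name -> version from apk output, one package per line."""
    found: Dict[str, str] = {}
    for line in apk_output.splitlines():
        m = _PKG_RE.match(line.strip())
        if m:
            found[m.group("name")] = m.group("ver")
    return found

def find_vulnerable(apk_output: str) -> Dict[str, str]:
    """{package: installed version} for affected packages below FIXED_VERSION."""
    return {name: ver for name, ver in installed_versions(apk_output).items()
            if name in AFFECTED_PACKAGES and is_older(ver, FIXED_VERSION)}

# Constructed sample (not taken from the issue) of an unpatched image's
# `apk list --installed` output; the real list comes from e.g.
#   docker run --rm --entrypoint apk <image@sha256:PLACEHOLDER> list --installed
SAMPLE_UNPATCHED = """\
libblkid-2.41.2-r0 x86_64 {util-linux} (LGPL-2.1-or-later) [installed]
libmount-2.41.2-r0 x86_64 {util-linux} (LGPL-2.1-or-later) [installed]
libuuid-2.41.2-r0 x86_64 {util-linux} (BSD-3-Clause) [installed]
musl-1.2.5-r9 x86_64 {musl} (MIT) [installed]
"""

if __name__ == "__main__":
    for name, ver in sorted(find_vulnerable(SAMPLE_UNPATCHED).items()):
        print(f"{name} {ver} is below {FIXED_VERSION}: CVE-2026-27456 unpatched")
```

Run it against the real `apk` listing of each image digest named in the issue; an empty result means the three libraries have reached the fixed version.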

This exposure puts any service or application relying on these specific container images at risk. The issue identifies the affected images by their SHA256 digests, giving precise identifiers for impacted deployments. That a known, patched vulnerability persists in public container images points to a gap in the maintenance and security-patching pipeline for this software supply chain, and warrants immediate scrutiny from developers and infrastructure teams using these builds.