critical CVE-2026-22184

[jhoullier]

Our CI security gate is failing due to our base Alpine 3.23 docker image is using zlib 1.3.1-r2 version with is containing a critical CVE (CVE-2026-22184) see:
https://scout.docker.com/vulnerabilities/id/CVE-2026-22184?s=alpine&n=zlib&ns=alpine&t=apk&osn=alpine&osv=3.23&vr=%3C%3D1.3.1-r2

I'm not sure if you are aware of it, so i prefer to create an issue.
Best regards

[madler]

Sigh. The CVE is wrong, as the vulnerability is not in zlib. See #1142

[Neustradamus]

I have done a ticket to solve it:

• Separate contrib from main source code (CVE or other vulnerability will not linked to main zlib project) #1155

[NiKiZe]

I have done a ticket to solve it:

• Separate contrib from main source code (CVE or other vulnerability will not linked to main zlib project) #1155

Sorry but solve what? The CVE is just plain wrong in pointing it to zlib, since it is not zlib.