diff --git a/.trivyignore b/.trivyignore
index 10b5fdf25..4d00158a3 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -14,4 +14,8 @@ CVE-2026-1584 exp:2026-08-27
 
 # jackson-core async parser DoS - not exploitable, services only use synchronous ObjectMapper API
 # See: UID2-6670
-GHSA-72hv-8253-57qq exp:2026-09-01
\ No newline at end of file
+GHSA-72hv-8253-57qq exp:2026-09-01
+
+# libpng heap buffer overflow in Alpine base image - fixed version not yet available in Alpine 3.23
+# See: UID2-6677
+CVE-2026-25646 exp:2026-09-02
\ No newline at end of file