diff --git a/.trivyignore b/.trivyignore
index 524f0629b..a4acafd48 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -33,4 +33,9 @@ CVE-2026-32776 exp:2026-04-25
 # Trivy reports CVE-2026-32776 with transposed digits (32767 instead of 32776) - this is a known Trivy bug
 # See: https://github.com/aquasecurity/trivy/discussions/10412 and UID2-6806
 # This entry can be removed once Trivy fixes the typo
-CVE-2026-32767 exp:2026-04-25
\ No newline at end of file
+CVE-2026-32767 exp:2026-04-25
+
+# libpng use-after-free and OOB read/write in Alpine base image - not used by our Java services
+# See: UID2-6837
+CVE-2026-33416 exp:2026-05-01
+CVE-2026-33636 exp:2026-05-01
\ No newline at end of file