CVE-2026-31839

HIGH

Striae <3.0.0 - Integrity Bypass

Title source: llm

Description

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0.

References (2)

[Vendor Advisory] https://github.com/striae-org/striae/security/advisories/GHSA-mmf8-487q-p45m

[Release Notes] https://github.com/striae-org/striae/releases/tag/v3.0.0

Scores

CVSS v3 8.2

EPSS 0.0002

EPSS Percentile 3.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-354

Status published

Products (1)

striae/striae 0.9.22 - 3.0.0

Published Mar 11, 2026

Tracked Since Mar 12, 2026