Search criteria
1 vulnerability by striae
CVE-2026-31839 (GCVE-0-2026-31839)
Vulnerability from cvelistv5 – Published: 2026-03-11 16:46 – Updated: 2026-03-11 17:07
VLAI
Title
Striae has a hash validation utility vulnerability
Summary
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-354 - Improper Validation of Integrity Check Value
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/striae-org/striae/security/adv… | x_refsource_CONFIRM |
| https://github.com/striae-org/striae/releases/tag… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| striae-org | striae |
Affected:
>= 0.9.22-0, < 3.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T17:06:57.326835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T17:07:35.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "striae",
"vendor": "striae-org",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.22-0, \u003c 3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Striae is a firearms examiner\u0027s comparison companion. A high-severity integrity bypass vulnerability existed in Striae\u0027s digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:46:22.132Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/striae-org/striae/security/advisories/GHSA-mmf8-487q-p45m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/striae-org/striae/security/advisories/GHSA-mmf8-487q-p45m"
},
{
"name": "https://github.com/striae-org/striae/releases/tag/v3.0.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/striae-org/striae/releases/tag/v3.0.0"
}
],
"source": {
"advisory": "GHSA-mmf8-487q-p45m",
"discovery": "UNKNOWN"
},
"title": "Striae has a hash validation utility vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31839",
"datePublished": "2026-03-11T16:46:22.132Z",
"dateReserved": "2026-03-09T17:41:56.078Z",
"dateUpdated": "2026-03-11T17:07:35.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}