Striae
CVE-2026-31839
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0.
AnalysisAI
Striae versions prior to 3.0.0 allow local attackers to bypass package integrity verification by modifying both the manifest hash and package contents simultaneously, enabling delivery of tampered firearm examination data that passes validation checks. This integrity bypass affects forensic workflows relying on Striae's digital confirmation mechanism. No patch is currently available for affected installations.
Technical ContextAI
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0.
RemediationAI
Fixed in version 3.0.0..
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-mmf8-487q-p45m