CVE-2026-31839
HIGH
GHSA-mmf8-487q-p45m
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Lifecycle Timeline
3Description
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0.
Analysis
Striae versions prior to 3.0.0 allow local attackers to bypass package integrity verification by modifying both the manifest hash and package contents simultaneously, enabling delivery of tampered firearm examination data that passes validation checks. This integrity bypass affects forensic workflows relying on Striae's digital confirmation mechanism. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running Striae versions prior to 3.0.0 and assess current usage in active cases. Within 7 days: Implement manual verification procedures for all digital confirmations generated by affected systems; document workarounds and notify legal/compliance teams of potential evidence integrity concerns. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today