← Retour aux CVEs
CVE-2026-31839
HIGH8.2
Description
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0.
Details CVE
Score CVSS v3.18.2
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie3/11/2026
Derniere modification3/20/2026
Sourcenvd
Observations honeypot0
Produits affectes
striae:striae
Faiblesses (CWE)
CWE-354
References
https://github.com/striae-org/striae/releases/tag/v3.0.0(security-advisories@github.com)
https://github.com/striae-org/striae/security/advisories/GHSA-mmf8-487q-p45m(security-advisories@github.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.