CVE-2026-31839
Published: 11 March 2026
Summary
CVE-2026-31839 is a high-severity Improper Validation of Integrity Check Value (CWE-354) vulnerability in Striae (vendor and product are both listed as Striae). Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Subvert Trust Controls (T1553); ranked at the 3.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-7 (Software, Firmware, and Information Integrity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-7 (Software, Firmware, and Information Integrity): requires employment of proper integrity verification tools and techniques to detect unauthorized changes in confirmation packages, directly countering the flawed hash-only manifest validation.
- SI-2 (Flaw Remediation): mandates timely flaw remediation by updating Striae to v3.0.0 or later, eliminating the integrity bypass vulnerability as specified in the security advisory.
- Component authenticity: enforces verification of component authenticity prior to processing confirmation packages, mitigating tampering risks beyond vulnerable manifest hashes.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Integrity check bypass on manifest hashes directly enables subverting trust controls (T1553) and undetected tampering of stored package data (T1565.001) to inject falsified content that passes validation.
NVD Description
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0.
Deeper analysis
CVE-2026-31839 is a high-severity integrity bypass vulnerability (CVSS 8.2, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N; CWE-354) affecting Striae, an open-source tool used as a firearms examiner's comparison companion. The issue resides in the digital confirmation workflow prior to version 3.0.0, where hash-only validation improperly trusted manifest hash fields. These fields could be modified alongside the package content, enabling tampered confirmation packages to pass integrity checks without detection.
A local attacker with no privileges and a low-complexity method can exploit this vulnerability by crafting a malicious confirmation package and getting a user to process it through the workflow (user interaction required). Successful exploitation crosses a scope boundary (S:C) and carries high confidentiality and integrity impact, for example injecting falsified forensic data that appears legitimate, potentially undermining ballistic comparisons or evidence validation in firearms examinations.
The vulnerability is fixed in Striae version 3.0.0, as detailed in the project's GitHub release notes (https://github.com/striae-org/striae/releases/tag/v3.0.0) and security advisory (https://github.com/striae-org/striae/security/advisories/GHSA-mmf8-487q-p45m). Security practitioners should urge users to update to v3.0.0 or later and validate packages using enhanced integrity mechanisms beyond manifest hashes.
Details
- CWE(s)