PT-2026-24744 · Npm+3 · @Striae-Org/Striae+1

Stephen Jlu · Published 2026-03-11 · Updated 2026-03-12 · CVE-2026-31839

CVSS v3.1: 8.2 High

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Striae versions prior to 3.0.0

Description

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass issue existed in the digital confirmation workflow. The validation process relied on hash values from the package manifest, which could be altered alongside the package content. This allowed manipulated confirmation packages to pass integrity checks. The issue affects users who depend on digital confirmations for immutability and chain-of-custody control. An attacker with access to an exported package could modify confirmation data and recalculate hashes, bypassing hash-only checks.

Recommendations

Upgrade to version 3.0.0 or later. Treat hash-only validation as a tamper indicator, not proof of immutability. Restrict package exchange to trusted authenticated internal channels. Require out-of-band reviewer attestation for sensitive confirmation workflows. Pause imports from untrusted sources until upgraded.
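The failure mode described above, as an added example (not Striae's code and not the 3.0.0 fix): a hash stored inside the package still verifies after the package is altered, while a signature checked against a key obtained outside the package does not. The package layout, field names, sample values and the choice of Ed25519 are assumptions made for illustration.

```javascript
// Added illustration: package layout, field names and key handling are hypothetical.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Exporter: the hash travels in the manifest; the signature is made with a
// private key that is never shipped with the package.
function exportPackage(confirmation, signingKey) {
  const data = JSON.stringify(confirmation);
  const dataHash = sha256(data);
  const signature = crypto.sign(null, Buffer.from(dataHash), signingKey).toString('base64');
  return { data, manifest: { dataHash, signature } };
}

// Hash-only check: compares the content with a value stored in the same package,
// so it only detects accidental or careless changes.
function verifyHashOnly(pkg) {
  return sha256(pkg.data) === pkg.manifest.dataHash;
}

// Anchored check: the hash must match AND be signed by a key the importer
// obtained out of band, not from the package itself.
function verifySigned(pkg, trustedPublicKey) {
  if (!verifyHashOnly(pkg)) return false;
  try {
    const sig = Buffer.from(pkg.manifest.signature || '', 'base64');
    return crypto.verify(null, Buffer.from(pkg.manifest.dataHash), trustedPublicKey, sig);
  } catch {
    return false; // malformed signature or key
  }
}

// Constructed sample: one untouched package and one altered after export.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const original = exportPackage({ caseId: 'SAMPLE-001', result: 'inconclusive' }, privateKey);
  // The altered copy has edited data and a manifest hash refreshed to match it.
  const altered = JSON.parse(JSON.stringify(original));
  altered.data = JSON.stringify({ caseId: 'SAMPLE-001', result: 'identification' });
  altered.manifest.dataHash = sha256(altered.data);
  return {
    originalHashOnly: verifyHashOnly(original),
    originalSigned: verifySigned(original, publicKey),
    alteredHashOnly: verifyHashOnly(altered), // passes: the hash was recomputed
    alteredSigned: verifySigned(altered, publicKey), // fails: signature covers the old hash
  };
}
```

The signed check is only as strong as the distribution of the public key: an importer that reads the verification key from the package being verified is back to the hash-only case.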

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

CVE-2026-31839
GHSA-MMF8-487Q-P45M

Affected Products

@Striae-Org/Striae
Striae