CVE-2026-31839

EPSS 0.02%
Veröffentlicht 11.03.2026 16:46:22
Zuletzt bearbeitet 20.03.2026 16:56:55
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. This vulnerability is fixed in 3.0.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Striae ≫ Striae SwPlatformnode.js Version >= 0.9.22 <= 3.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.034

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com	8.2	1.8	5.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

https://github.com/striae-org/striae/security/advisories/GHSA-mmf8-487q-p45m

Vendor Advisory

https://github.com/striae-org/striae/releases/tag/v3.0.0

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-31839

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31839

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31839

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-31839