CVSS 3.1 score (GHSA): 8.2
Striae Digital Confirmation Workflow Allows Tampered Packages
GHSA-mmf8-487q-p45m
CVE-2026-31839
Summary
A critical vulnerability in Striae's digital confirmation system allowed attackers to alter confirmation packages without being detected. This weakness put sensitive data at risk, and users who relied on digital confirmations for immutability and forensic tracking were affected. To protect your system, upgrade to Striae version 3.0.0 or later.
What to do
- Update striae-org/striae to version 3.0.0 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| striae-org | striae | > 0.9.22-0, <= 3.0.0 | 3.0.0 |
Original title
Striae has a hash validation utility vulnerability
Original description
## Summary
A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks.
## Impact
Confirmation package integrity could be bypassed because both content and hash values were mutable in the same trust boundary. An attacker with access to an exported package could alter confirmation data and recompute hashes so hash-only checks still passed.
This affects users relying on digital confirmations as an immutability and forensic chain-of-custody control.
## Patches
Patched in **v3.0.0**.
Upgrade to:
- `v3.0.0` or later
Security behavior added in v3.0.0:
- Server-issued asymmetric signatures for forensic manifests
- Canonical payload signature verification during import and manual hash verification
- Fail-closed behavior when signature metadata is missing or invalid
- Signature/key provenance support for audit-related workflows
## Workarounds
There is no full cryptographic workaround equivalent to upgrading.
Temporary mitigations:
- Treat hash-only validation as a tamper indicator, not proof of immutability
- Restrict package exchange to trusted authenticated internal channels
- Require out-of-band reviewer attestation for sensitive confirmation workflows
- Pause imports from untrusted sources until upgraded
Vulnerability type
- CWE-327: Use of a Broken Cryptographic Algorithm
- CWE-353: Missing Support for Integrity Check
- CWE-354: Improper Validation of Integrity Check Value
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026