CVE-2026-31839: Striae has a hash validation utility vulnerability

March 11, 2026

A high-severity integrity bypass vulnerability existed in Striae’s digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks.

References

github.com/advisories/GHSA-mmf8-487q-p45m
github.com/striae-org/striae
github.com/striae-org/striae/releases/tag/v3.0.0
github.com/striae-org/striae/security/advisories/GHSA-mmf8-487q-p45m
nvd.nist.gov/vuln/detail/CVE-2026-31839

Code Behaviors & Features

Detect and mitigate CVE-2026-31839 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →