CVE-2026-32946

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, the Harden-Runner that allows bypass of the egress-policy: block network restriction using DNS queries over TCP. Egress policies are enforced on GitHub runners by filtering outbound connections at the network layer. When egress-policy: block is enabled with a restrictive allowed-endpoints list (e.g., only github.com:443), all non-compliant traffic should be denied. However, DNS queries over TCP, commonly used for large responses or fallback from UDP, are not adequately restricted. Tools like dig can explicitly initiate TCP-based DNS queries (+tcp flag) without being blocked. This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow. The issue has been fixed in version 2.16.0.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/step-security/harden-runner/releases/tag/v2.16.0	Product Release Notes
https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:stepsecurity:harden-runner:*:*:*:*:community:*:*:*

History

No history.

Information

Published : 2026-03-20 04:16

Updated : 2026-03-24 13:12

NVD link : CVE-2026-32946

Mitre link : CVE-2026-32946

CVE.ORG link : CVE-2026-32946

JSON object : View

Products Affected

stepsecurity

harden-runner

CWE

CWE-693

Protection Mechanism Failure

CWE-863

Incorrect Authorization

{"id": "CVE-2026-32946", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-20T04:16:50.107", "references": [{"url": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-693"}, {"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, the Harden-Runner that allows bypass of the egress-policy: block network restriction using DNS queries over TCP. Egress policies are enforced on GitHub runners by filtering outbound connections at the network layer. When egress-policy: block is enabled with a restrictive allowed-endpoints list (e.g., only github.com:443), all non-compliant traffic should be denied. However, DNS queries over TCP, commonly used for large responses or fallback from UDP, are not adequately restricted. Tools like dig can explicitly initiate TCP-based DNS queries (+tcp flag) without being blocked. This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow. The issue has been fixed in version 2.16.0."}, {"lang": "es", "value": "Harden-Runner es un agente de seguridad de CI/CD que funciona como un EDR para los runners de GitHub Actions. En las versiones 2.15.1 y anteriores, el Harden-Runner permite eludir la restricci\u00f3n de red 'egress-policy: block' utilizando consultas DNS sobre TCP. Las pol\u00edticas de egreso se aplican en los runners de GitHub filtrando las conexiones salientes en la capa de red. Cuando 'egress-policy: block' est\u00e1 habilitado con una lista restrictiva de puntos finales permitidos (por ejemplo, solo github.com:443), todo el tr\u00e1fico no conforme deber\u00eda ser denegado. Sin embargo, las consultas DNS sobre TCP, com\u00fanmente utilizadas para respuestas grandes o como alternativa a UDP, no est\u00e1n restringidas adecuadamente. Herramientas como dig pueden iniciar expl\u00edcitamente consultas DNS basadas en TCP (bandera +tcp) sin ser bloqueadas. Esta vulnerabilidad requiere que el atacante ya tenga capacidades de ejecuci\u00f3n de c\u00f3digo dentro del flujo de trabajo de GitHub Actions. El problema ha sido solucionado en la versi\u00f3n 2.16.0."}], "lastModified": "2026-03-24T13:12:38.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stepsecurity:harden-runner:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "051DFDC1-078C-478D-84B3-3FAD24CB1FE6", "versionEndExcluding": "2.16.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}