Description
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, Harden-Runner allows bypass of the egress-policy: block network restriction using DNS queries over TCP. Egress policies are enforced on GitHub runners by filtering outbound connections at the network layer. When egress-policy: block is enabled with a restrictive allowed-endpoints list (e.g., only github.com:443), all non-compliant traffic should be denied. However, DNS queries over TCP, commonly used for large responses or as a fallback from UDP, are not adequately restricted. Tools like dig can explicitly initiate TCP-based DNS queries (+tcp flag) without being blocked. This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow. The issue has been fixed in version 2.16.0.
Published: 2026-03-20
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized network egress through DNS over TCP
Action: Patch
AI Analysis

Impact

The Harden-Runner hardening agent fails to enforce the egress-policy: block restriction because it permits DNS queries over TCP. An attacker who has already achieved code execution within a GitHub Actions workflow can use such queries to reach endpoints that are not on the allowed-endpoints list.

Affected Systems

Step Security's Harden-Runner Community Tier is affected in all releases up to and including 2.15.1. The vulnerability was addressed in version 2.16.0, which can be downloaded from the project’s releases.

Risk and Exploitability

The CVSS base score is 4.6, indicating moderate severity, and the EPSS score is less than 1%, suggesting a low likelihood of exploitation. Because the vulnerability requires pre‑existing code execution in the workflow, the primary risk is to insiders or compromised contributors. The vulnerability is not listed in CISA’s KEV catalog.

Generated by OpenCVE AI on March 24, 2026 at 15:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Harden-Runner to version 2.16.0 or later.
  • Verify that the egress-policy: block setting is enabled and that the allowed-endpoints list contains only trusted domains.
  • Monitor workflow logs for unexpected DNS over TCP queries.

Generated by OpenCVE AI on March 24, 2026 at 15:26 UTC.
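The policy gap in the description and the monitoring item in the recommended actions can be shown together. The Python below is an added example, not Harden-Runner's or OpenCVE's code: it models egress-policy: block with an allowed-endpoints list, lets the TCP port 53 exemption the advisory describes be switched on to see its effect, and runs the "unexpected DNS over TCP" check over connection-log lines. The log-line format, the sample lines, the 203.0.113.10 resolver address and the function names are all constructed for this example; the evaluator is a simplified model of the documented behaviour, not the agent's implementation.

```python
"""Egress-policy check and DNS-over-TCP monitoring for CI runner connection logs.

Added example, not Harden-Runner's own code. It models the behaviour the
advisory describes: with egress-policy: block and an allowed-endpoints list
such as github.com:443, every other outbound connection should be denied,
including DNS queries carried over TCP port 53. The log-line format and the
sample lines are constructed for this example; the evaluator is a simplified
model of the documented policy, not the agent's implementation.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

DNS_PORT = 53


@dataclass(frozen=True)
class Connection:
    step: str   # workflow step that opened the connection
    proto: str  # "tcp" or "udp"
    host: str   # destination hostname, or an IP literal if unresolved
    port: int


def parse_line(line: str) -> Connection:
    """Parse one constructed log line of the form '<step> <proto> <host>:<port>'."""
    step, proto, endpoint = line.split()
    host, _, port = endpoint.rpartition(":")  # IPv4 or hostname only, for brevity
    return Connection(step, proto.lower(), host, int(port))


def evaluate(conn: Connection, allowed_endpoints: Iterable[str],
             dns_tcp_exempt: bool = False) -> str:
    """Return 'allow' or 'deny' for one connection under egress-policy: block.

    allowed_endpoints holds 'host:port' entries, e.g. 'github.com:443'.
    dns_tcp_exempt=True reproduces the effect the advisory describes for
    releases up to 2.15.1: a TCP connection to port 53 is not held to the
    allow-list. The corrected behaviour (the default, False) applies the
    list to every TCP connection, DNS included.
    """
    if dns_tcp_exempt and conn.proto == "tcp" and conn.port == DNS_PORT:
        return "allow"  # the gap: the policy is never consulted for DNS over TCP
    return "allow" if f"{conn.host}:{conn.port}" in set(allowed_endpoints) else "deny"


def find_dns_over_tcp(lines: Iterable[str], allowed_endpoints: Iterable[str]) -> list[Connection]:
    """Monitoring check from the recommended actions: return TCP/53 connections
    whose destination is not on the allow-list, i.e. traffic that should have
    been blocked and that an unpatched agent would have let through."""
    allowed = set(allowed_endpoints)
    hits = []
    for line in lines:
        conn = parse_line(line)
        if (conn.proto == "tcp" and conn.port == DNS_PORT
                and f"{conn.host}:{conn.port}" not in allowed):
            hits.append(conn)
    return hits


# Constructed sample log: one legitimate fetch, one UDP lookup, one TCP lookup
# to an external resolver, and one plain HTTPS connection off the allow-list.
SAMPLE_LOG = [
    "checkout tcp github.com:443",
    "build udp 203.0.113.10:53",
    "build tcp 203.0.113.10:53",
    "build tcp 203.0.113.10:443",
]
ALLOWED_ENDPOINTS = ["github.com:443"]


def audit(lines: Iterable[str], allowed_endpoints: Iterable[str]) -> dict[str, tuple[str, str]]:
    """Map each log line to (decision under the fixed policy, decision under the
    pre-fix effect) so the difference is visible side by side."""
    result = {}
    for line in lines:
        conn = parse_line(line)
        result[line] = (evaluate(conn, allowed_endpoints),
                        evaluate(conn, allowed_endpoints, dns_tcp_exempt=True))
    return result


if __name__ == "__main__":
    for line, (fixed, pre_fix) in audit(SAMPLE_LOG, ALLOWED_ENDPOINTS).items():
        print(f"{line:32} fixed={fixed:5} pre-fix={pre_fix}")
    for hit in find_dns_over_tcp(SAMPLE_LOG, ALLOWED_ENDPOINTS):
        print(f"DNS over TCP off the allow-list in step '{hit.step}': {hit.host}:{hit.port}")
```

Running the script shows the only line whose decision differs between the two modes is the TCP connection to 203.0.113.10:53, which is exactly what the monitoring check reports. A real agent's log fields differ from this constructed format, so only the parse step needs adapting; the TCP/53-off-the-allow-list condition is the part worth keeping.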


Advisories
Source: GitHub GHSA
ID: GHSA-g699-3x6g-wm3g
Title: Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)
History

Tue, 24 Mar 2026 13:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Stepsecurity; Stepsecurity harden-runner
CPEs | | cpe:2.3:a:stepsecurity:harden-runner:*:*:*:*:community:*:*:*
Vendors & Products | | Stepsecurity; Stepsecurity harden-runner
Metrics | cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'} | cvssV3_1 {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}


Sat, 21 Mar 2026 05:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-791
References | |
Metrics | threat_severity None | cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}; threat_severity Moderate


Fri, 20 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Mar 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Step Security; Step Security harden Runner
Vendors & Products | | Step Security; Step Security harden Runner

Fri, 20 Mar 2026 04:15:00 +0000

Type | Values Removed | Values Added
Description | | Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, the Harden-Runner that allows bypass of the egress-policy: block network restriction using DNS queries over TCP. Egress policies are enforced on GitHub runners by filtering outbound connections at the network layer. When egress-policy: block is enabled with a restrictive allowed-endpoints list (e.g., only github.com:443), all non-compliant traffic should be denied. However, DNS queries over TCP, commonly used for large responses or fallback from UDP, are not adequately restricted. Tools like dig can explicitly initiate TCP-based DNS queries (+tcp flag) without being blocked. This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow. The issue has been fixed in version 2.16.0.
Title | | Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)
Weaknesses | | CWE-693; CWE-863
References | |
Metrics | | cvssV4_0 {'score': 4.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N'}


MITRE

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-03-20T15:47:42.018Z
Reserved: 2026-03-17T00:05:53.284Z
Link: CVE-2026-32946

Vulnrichment

Updated: 2026-03-20T15:47:37.766Z

NVD

Status: Analyzed
Published: 2026-03-20T04:16:50.107
Modified: 2026-03-24T13:12:38.807
Link: CVE-2026-32946

Red Hat

Severity: Moderate
Public Date: 2026-03-20T03:58:40Z
Links: CVE-2026-32946 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-25T14:09:24Z

Weaknesses