{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32946", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T00:05:53.284Z", "datePublished": "2026-03-20T03:58:40.557Z", "dateUpdated": "2026-03-20T15:47:42.018Z"}, "containers": {"cna": {"title": "Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)", "problemTypes": [{"descriptions": [{"cweId": "CWE-693", "lang": "en", "description": "CWE-693: Protection Mechanism Failure", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g"}, {"name": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0"}], "affected": [{"vendor": "step-security", "product": "harden-runner", "versions": [{"version": "< 2.16.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T03:58:40.557Z"}, "descriptions": [{"lang": "en", "value": "Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, the Harden-Runner that allows bypass of the egress-policy: block network restriction using DNS queries over TCP. Egress policies are enforced on GitHub runners by filtering outbound connections at the network layer. When egress-policy: block is enabled with a restrictive allowed-endpoints list (e.g., only github.com:443), all non-compliant traffic should be denied. However, DNS queries over TCP, commonly used for large responses or fallback from UDP, are not adequately restricted. Tools like dig can explicitly initiate TCP-based DNS queries (+tcp flag) without being blocked. This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow. The issue has been fixed in version 2.16.0."}], "source": {"advisory": "GHSA-g699-3x6g-wm3g", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T15:47:30.696684Z", "id": "CVE-2026-32946", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T15:47:42.018Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32946", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T15:47:30.696684Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T15:47:37.766Z"}}], "cna": {"title": "Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)", "source": {"advisory": "GHSA-g699-3x6g-wm3g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "step-security", "product": "harden-runner", "versions": [{"status": "affected", "version": "< 2.16.0"}]}], "references": [{"url": "https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g", "name": "https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0", "name": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, the Harden-Runner that allows bypass of the egress-policy: block network restriction using DNS queries over TCP. Egress policies are enforced on GitHub runners by filtering outbound connections at the network layer. When egress-policy: block is enabled with a restrictive allowed-endpoints list (e.g., only github.com:443), all non-compliant traffic should be denied. However, DNS queries over TCP, commonly used for large responses or fallback from UDP, are not adequately restricted. Tools like dig can explicitly initiate TCP-based DNS queries (+tcp flag) without being blocked. This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow. The issue has been fixed in version 2.16.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "CWE-693: Protection Mechanism Failure"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T03:58:40.557Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32946", "state": "PUBLISHED", "dateUpdated": "2026-03-20T15:47:42.018Z", "dateReserved": "2026-03-17T00:05:53.284Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T03:58:40.557Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stepsecurity:harden-runner:*:*:*:*:community:*:*:*", "matchCriteriaId": "051DFDC1-078C-478D-84B3-3FAD24CB1FE6", "versionEndExcluding": "2.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, the Harden-Runner that allows bypass of the egress-policy: block network restriction using DNS queries over TCP. Egress policies are enforced on GitHub runners by filtering outbound connections at the network layer. When egress-policy: block is enabled with a restrictive allowed-endpoints list (e.g., only github.com:443), all non-compliant traffic should be denied. However, DNS queries over TCP, commonly used for large responses or fallback from UDP, are not adequately restricted. Tools like dig can explicitly initiate TCP-based DNS queries (+tcp flag) without being blocked. This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow. The issue has been fixed in version 2.16.0."}, {"lang": "es", "value": "Harden-Runner es un agente de seguridad de CI/CD que funciona como un EDR para los runners de GitHub Actions. En las versiones 2.15.1 y anteriores, el Harden-Runner permite eludir la restricci\u00f3n de red 'egress-policy: block' utilizando consultas DNS sobre TCP. Las pol\u00edticas de egreso se aplican en los runners de GitHub filtrando las conexiones salientes en la capa de red. Cuando 'egress-policy: block' est\u00e1 habilitado con una lista restrictiva de puntos finales permitidos (por ejemplo, solo github.com:443), todo el tr\u00e1fico no conforme deber\u00eda ser denegado. Sin embargo, las consultas DNS sobre TCP, com\u00fanmente utilizadas para respuestas grandes o como alternativa a UDP, no est\u00e1n restringidas adecuadamente. Herramientas como dig pueden iniciar expl\u00edcitamente consultas DNS basadas en TCP (bandera +tcp) sin ser bloqueadas. Esta vulnerabilidad requiere que el atacante ya tenga capacidades de ejecuci\u00f3n de c\u00f3digo dentro del flujo de trabajo de GitHub Actions. El problema ha sido solucionado en la versi\u00f3n 2.16.0."}], "id": "CVE-2026-32946", "lastModified": "2026-03-24T13:12:38.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T04:16:50.107", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}, {"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "step-security/harden-runner: Harden-Runner: Egress policy bypass via DNS over TCP", "id": "2449438", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449438"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-791", "details": ["A flaw was found in Harden-Runner, a security agent for GitHub Actions runners. An attacker with existing code execution capabilities within a GitHub Actions workflow can bypass network egress policies, which are security measures designed to control outbound network connections. This bypass occurs by utilizing DNS queries over TCP, allowing unauthorized network communication despite restrictive egress policies."], "name": "CVE-2026-32946", "package_state": [{"cpe": "cpe:/a:redhat:external_secrets_operator:1", "fix_state": "Fix deferred", "package_name": "external-secrets-operator/bitwarden-sdk-server-rhel9", "product_name": "External Secrets Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:external_secrets_operator:1", "fix_state": "Fix deferred", "package_name": "external-secrets-operator/external-secrets-operator-bundle", "product_name": "External Secrets Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:external_secrets_operator:1", "fix_state": "Fix deferred", "package_name": "external-secrets-operator/external-secrets-operator-rhel9", "product_name": "External Secrets Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:external_secrets_operator:1", "fix_state": "Fix deferred", "package_name": "external-secrets-operator/external-secrets-rhel9", "product_name": "External Secrets Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:gatekeeper:3", "fix_state": "Fix deferred", "package_name": "gatekeeper/gatekeeper-rhel9", "product_name": "Gatekeeper 3"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Out of support scope", "package_name": "multicluster-engine/addon-manager-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Out of support scope", "package_name": "multicluster-engine/placement-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Out of support scope", "package_name": "multicluster-engine/registration-operator-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Out of support scope", "package_name": "multicluster-engine/registration-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Out of support scope", "package_name": "multicluster-engine/work-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:windows_machine_config", "fix_state": "Fix deferred", "package_name": "openshift4-wincw/windows-machine-config-operator-bundle", "product_name": "Red Hat OpenShift for Windows Containers"}, {"cpe": "cpe:/a:redhat:windows_machine_config", "fix_state": "Fix deferred", "package_name": "openshift4-wincw/windows-machine-config-rhel9-operator", "product_name": "Red Hat OpenShift for Windows Containers"}], "public_date": "2026-03-20T03:58:40Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32946\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32946\nhttps://github.com/step-security/harden-runner/releases/tag/v2.16.0\nhttps://github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3g"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.16.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "harden-runner", "source": "cna", "vendor": "step-security"}, "product": "harden_runner", "vendor": "step_security"}], "analysis": {"en": {"generated_at": "2026-03-24T15:26:44.785553+00:00", "value": {"mitigation_remediation": ["Upgrade Harden-Runner to version 2.16.0 or later.", "Verify that the egress-policy: block setting is enabled and that the allowed-endpoints list contains only trusted domains.", "Monitor workflow logs for unexpected DNS over TCP queries."], "summary": {"action": "Patch", "impact": "Unauthorized network egress through DNS over TCP"}, "threat_synthesis": {"affected_systems": "Step Security's Harden-Runner Community Tier is affected in all releases up to and including 2.15.1. The vulnerability was addressed in version 2.16.0, which can be downloaded from the project\u2019s releases.", "description_and_impact": "Hardening agent Harden-Runner fails to enforce the egress-policy: block restriction by permitting DNS queries over TCP. An attacker who has achieved code execution within a GitHub Actions workflow can use these queries to reach endpoints that are not on the allowed\u2011endpoints list.", "risk_and_exploitability": "The CVSS base score is 4.6, indicating moderate severity, and the EPSS score is less than 1%, suggesting a low likelihood of exploitation. Because the vulnerability requires pre\u2011existing code execution in the workflow, the primary risk is to insiders or compromised contributors. The vulnerability is not listed in CISA\u2019s KEV catalog."}}}}, "created": "2026-03-20T08:52:44.109373+00:00", "updated": "2026-03-25T14:09:24.631901+00:00", "vendors": ["step_security", "step_security$PRODUCT$harden_runner"]}