VYPR
Moderate severity · NVD Advisory · Published Feb 9, 2026 · Updated Feb 10, 2026

Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)

CVE-2026-25598

Description

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit. This vulnerability is fixed in 2.14.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Harden-Runner Community Tier prior to 2.14.2 fails to audit outbound UDP traffic via sendto/sendmsg/sendmmsg syscalls, allowing attackers with code execution to bypass egress monitoring.

Vulnerability

Overview

A security vulnerability in Harden-Runner Community Tier (prior to v2.14.2) allows outbound network connections to evade audit logging when the egress policy is set to audit. The root cause is incomplete monitoring coverage of the sendto, sendmsg, and sendmmsg socket system calls, which are used to send UDP traffic. This flaw does not affect the block mode or the Enterprise Tier [2][3].

Exploitation

Prerequisites

Exploitation requires the attacker to already have code execution capabilities within the GitHub Actions workflow, for example through workflow injection or compromised dependencies. With that access, an attacker can compile and execute native code that invokes the unmonitored syscalls to establish covert communication channels [3].

Impact

When Harden-Runner is configured in audit mode, an attacker can send outbound network traffic without generating audit logs, effectively bypassing network monitoring for UDP-based communications. This undermines the audit logging feature intended to detect malicious egress activity [2][3].

Mitigation

The vulnerability is fixed in Harden-Runner v2.14.2. Users of the Community Tier should upgrade immediately. The Enterprise Tier is not affected, and the block egress policy remains effective against this bypass [3][4].
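An added example, not part of the advisory or the Harden-Runner project: a small scanner that finds workflow steps pinned to a Harden-Runner release below 2.14.2 while running with egress-policy: audit, the combination this advisory describes. The function names, the sample workflow and its placeholder SHA are constructed for illustration; it assumes a step's with: block follows its uses: line, and it reports floating tags and uncommented SHA pins as unresolved rather than guessing.

```python
import re
from itertools import takewhile

FIXED = (2, 14, 2)  # first patched release named in the advisory
# ref after "@", plus an optional trailing "# vX.Y.Z" comment (common with SHA pins)
USES = re.compile(r"uses:\s*step-security/harden-runner@(\S+)(?:\s*#\s*v?(\d+\.\d+\.\d+))?")
POLICY = re.compile(r"egress-policy:\s*['\"]?(\w+)")
SEMVER = re.compile(r"v?(\d+)\.(\d+)\.(\d+)$")

def resolve_version(ref, comment):
    """Return (major, minor, patch), or None if the pin cannot be resolved offline."""
    for candidate in (ref, comment or ""):
        m = SEMVER.match(candidate)
        if m:
            return tuple(int(part) for part in m.groups())
    return None  # floating tag such as v2, a branch, or a SHA without a version comment

def scan_workflow(text):
    """Return one finding per harden-runner step found in a workflow file's text."""
    lines, findings = text.splitlines(), []
    for i, line in enumerate(lines):
        m = USES.search(line)
        if not m:
            continue
        # Rest of this step: every following line up to the next "- " list item.
        step = takewhile(lambda l: not re.match(r"\s*-\s", l), lines[i + 1:])
        p = POLICY.search("\n".join(step))
        policy = p.group(1) if p else "unspecified"
        version = resolve_version(m.group(1), m.group(2))
        if version is None:
            status = "unresolved"   # needs a manual look at what the ref points to
        elif version < FIXED and policy == "audit":
            status = "affected"     # the combination the advisory describes
        else:
            status = "ok"
        findings.append({"line": i + 1, "ref": m.group(1), "policy": policy, "status": status})
    return findings

# Constructed workflow excerpt; the 40-character SHA is a placeholder, not a real commit.
SAMPLE = """\
  - uses: step-security/harden-runner@v2.13.0
    with:
      egress-policy: audit
  - name: Harden
    uses: step-security/harden-runner@0123456789abcdef0123456789abcdef01234567 # v2.14.2
    with:
      egress-policy: audit
  - uses: step-security/harden-runner@v2
"""
```

Run scan_workflow over each file under .github/workflows and review every finding whose status is "affected" or "unresolved".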

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: step-security/harden-runner (GitHub Actions)
Affected versions: < 2.14.2
Patched versions: 2.14.2

Affected products

1
  • step-security/harden-runner · v5
    Range: < 2.14.2

Patches

1
5ef0c079ce82

Merge pull request #635 from step-security/rc-34

https://github.com/step-security/harden-runner · Varun Sharma · Feb 7, 2026 · via ghsa
4 files changed · +5 -5
  • dist/pre/index.js · +2 -2 · modified
    @@ -85499,7 +85499,7 @@ const CHECKSUMS = {
             arm64: "f9192788e86b2e44b795f072e8cc03eec9852649609aeedac0761d3b67c991fa",
         },
         non_tls: {
    -        amd64: "336093af8ebe969567b66fd035af3bd4f7e1c723ce680d6b4b5b2a1f79bc329e", // v0.14.2
    +        amd64: "23715f2485c16e2a2ad116abf0fe8443788c62e4f5f224c5858b0b41b591fc89", // v0.14.3
         },
     };
     function verifyChecksum(downloadPath, isTLS, variant) {
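Review bot: The non_tls amd64 digest in this generated bundle is a second, hand-maintainable copy of the value in src/checksum.ts, and nothing in the hunk shows that dist/pre/index.js was rebuilt from source rather than edited directly. The two digests do match in this commit, but a CI step that rebuilds dist and fails on any difference would keep the shipped bundle from drifting away from the reviewed source.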
    @@ -85556,7 +85556,7 @@ function installAgent(isTLS, configStr) {
                     console.log(ARM64_RUNNER_MESSAGE);
                     return false;
                 }
    -            downloadPath = yield tool_cache.downloadTool("https://github.com/step-security/agent/releases/download/v0.14.2/agent_0.14.2_linux_amd64.tar.gz", undefined, auth);
    +            downloadPath = yield tool_cache.downloadTool("https://github.com/step-security/agent/releases/download/v0.14.3/agent_0.14.3_linux_amd64.tar.gz", undefined, auth);
             }
             verifyChecksum(downloadPath, isTLS, variant);
             const extractPath = yield tool_cache.extractTar(downloadPath);
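Review bot: In the context lines after the URL change, `verifyChecksum(downloadPath, isTLS, variant);` is called as a bare statement and its result is discarded before `tool_cache.extractTar(downloadPath)` runs. That is only safe if verifyChecksum throws on a mismatch; if it can return false instead, the archive would be extracted unverified. Worth confirming it fails by throwing, or checking the return value here before extracting.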
    
  • dist/pre/index.js.map · +1 -1 · modified
  • src/checksum.ts · +1 -1 · modified
    @@ -8,7 +8,7 @@ const CHECKSUMS = {
         arm64: "f9192788e86b2e44b795f072e8cc03eec9852649609aeedac0761d3b67c991fa",
       },
       non_tls: {
    -    amd64: "336093af8ebe969567b66fd035af3bd4f7e1c723ce680d6b4b5b2a1f79bc329e", // v0.14.2
    +    amd64: "23715f2485c16e2a2ad116abf0fe8443788c62e4f5f224c5858b0b41b591fc89", // v0.14.3
       },
     };
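Review bot: Only `non_tls.amd64` moves to the v0.14.3 digest, while the `arm64` digest on the context line above it is unchanged, and the hunk does not say whether that variant needs the same fix. The PR description should state which agent variants carry the sendto/sendmsg/sendmmsg change. The trailing `// v0.14.3` comment is also the only thing tying the digest to a release; keying the table by version would make a stale digest harder to miss.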
     
    
  • src/install-agent.ts · +1 -1 · modified
    @@ -35,7 +35,7 @@ export async function installAgent(
           return false;
         }
         downloadPath = await tc.downloadTool(
    -      "https://github.com/step-security/agent/releases/download/v0.14.2/agent_0.14.2_linux_amd64.tar.gz",
    +      "https://github.com/step-security/agent/releases/download/v0.14.3/agent_0.14.3_linux_amd64.tar.gz",
           undefined,
           auth
         );
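Review bot: The release number is hard-coded twice inside the URL literal (`v0.14.3` in the tag and `0.14.3` in the file name) and a third time in the checksum comment in src/checksum.ts, so every agent bump is three manual edits. Building the URL from a single version constant that the checksum table also references would let a partial bump fail in one obvious place.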
    

Vulnerability mechanics

Root cause

"The Harden-Runner agent prior to 2.14.2 failed to properly monitor and log outbound traffic initiated via `sendto`, `sendmsg`, and `sendmmsg` system calls."

Attack vector

An attacker can evade audit logging in Harden-Runner when `egress-policy: audit` is enabled. By utilizing `sendto`, `sendmsg`, or `sendmmsg` socket system calls, outbound network traffic bypasses the security agent's detection mechanisms. This allows unauthorized network communication to occur without being recorded by the CI/CD security agent.

Affected code

The vulnerability affects the Harden-Runner agent. In the action itself, the relevant code is the versioning and installation logic in `src/install-agent.ts` and `dist/pre/index.js`, which selects the agent binary to download. The patch updates that agent binary from version 0.14.2 to 0.14.3 to address the issue [patch_id=31542].

What the fix does

The patch updates the Harden-Runner agent to version 0.14.3 by modifying the download URLs and checksums in `src/install-agent.ts`, `src/checksum.ts`, and `dist/pre/index.js` [patch_id=31542]. While the provided diffs only show the update to the agent binary, this update is identified as the fix for the vulnerability where socket system calls could bypass audit logging. The advisory confirms that this version addresses the identified evasion issue.

Preconditions

  • config: Harden-Runner is configured with `egress-policy: audit`.

Generated on May 11, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5
