Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)
Description
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, the Harden-Runner that allows bypass of the egress-policy: block network restriction using DNS queries over TCP. Egress policies are enforced on GitHub runners by filtering outbound connections at the network layer. When egress-policy: block is enabled with a restrictive allowed-endpoints list (e.g., only github.com:443), all non-compliant traffic should be denied. However, DNS queries over TCP, commonly used for large responses or fallback from UDP, are not adequately restricted. Tools like dig can explicitly initiate TCP-based DNS queries (+tcp flag) without being blocked. This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow. The issue has been fixed in version 2.16.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Harden-Runner Community Tier allows bypass of egress block policy via DNS over TCP, enabling data exfiltration by attackers with code execution.
Vulnerability
Description Harden-Runner, a CI/CD security agent for GitHub Actions, enforces egress policies by filtering outbound connections at the network layer. In versions 2.15.1 and below of the Community Tier, DNS queries over TCP are not adequately restricted, allowing bypass of the egress-policy: block setting when a restrictive allowed-endpoints list is configured [1][3]. This occurs because the tool fails to filter TCP-based DNS traffic, which is commonly used for large responses or fallback from UDP.
Exploitation
An attacker must already have code execution capabilities within a GitHub Actions workflow. Using tools like dig with the +tcp flag, they can initiate DNS queries over TCP to external resolvers, evading the configured network restrictions [3]. No additional authentication or network position is required beyond initial compromise.
Impact
Successful exploitation allows the attacker to perform outbound network communication that circumvents the egress block policy, potentially enabling data exfiltration or command-and-control communication with external servers [1][3]. This vulnerability affects only the Community Tier; the Enterprise Tier is not impacted.
Mitigation
The issue has been fixed in Harden-Runner version 2.16.0 [4]. Community Tier users should upgrade immediately. No workaround is available for affected versions.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
step-security/harden-runnerGitHub Actions | < 2.16.0 | 2.16.0 |
Affected products
1- step-security/harden-runnerv5Range: < 2.16.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-g699-3x6g-wm3gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-32946ghsaADVISORY
- github.com/step-security/harden-runner/releases/tag/v2.16.0ghsax_refsource_MISCWEB
- github.com/step-security/harden-runner/security/advisories/GHSA-g699-3x6g-wm3gghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.