Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)
Description
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS (DoH) vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like dns.google. The attack works by encoding sensitive data (e.g., the runner's hostname) as subdomains in DoH queries, which appear as legitimate HTTPS traffic to Harden-Runner's domain-based filtering but are ultimately forwarded to an attacker-controlled domain. This effectively enables data exfiltration without directly connecting to any blocked destination. Exploitation requires the attacker to already have code execution within the GitHub Actions workflow. The issue was fixed in version 2.16.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Harden-Runner Community Tier allows egress policy bypass via DNS over HTTPS, enabling data exfiltration through permitted resolvers.
Vulnerability
Overview
CVE-2026-32947 is a medium-severity vulnerability in the Community Tier of Harden-Runner, a CI/CD security agent for GitHub Actions runners. The flaw resides in how Harden-Runner handles DNS over HTTPS (DoH) traffic. In versions prior to 2.16.0, DoH queries are not distinguished from legitimate HTTPS traffic, allowing an attacker to tunnel exfiltrated data through permitted resolvers like dns.google [1][3].
Exploitation
Method
To exploit this, an attacker must already have arbitrary code execution within the GitHub Actions workflow. By encoding sensitive data (e.g., the runner's hostname or secrets) as subdomains in a DoH query, the request appears to Harden-Runner's domain-based filtering as a legitimate HTTPS connection to an allowed endpoint. The resolver processes the query and forwards the subdomain data to an attacker-controlled domain, achieving exfiltration without directly connecting to a blocked destination [1][3].
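As an added illustration (not Harden-Runner's code; the allowlist and sample names below are constructed), a Python check that applies an allowed-endpoints policy not only to the HTTPS host but also to the name carried inside a DoH request, the kind of inspection that host-only filtering of a permitted resolver such as dns.google omits:

```python
import base64
from urllib.parse import parse_qs, urlparse

# Constructed allowed-endpoints policy: the resolver is allowed, the attacker's domain is not.
ALLOWED_ENDPOINTS = {"github.com", "api.github.com", "dns.google"}

def qname_from_wire(msg: bytes) -> str:
    """Return the question name of a DNS wire-format message (RFC 1035 header is 12 bytes)."""
    if len(msg) < 12 or int.from_bytes(msg[4:6], "big") < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while msg[pos] != 0:
        n = msg[pos]
        if n & 0xC0:  # compression pointers are not valid in a question name
            raise ValueError("compressed name in question")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels).lower()

def build_query(name: str) -> bytes:
    """Constructed helper: minimal A query in wire format, used only to make sample input."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return b"\x00\x01\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" + q + b"\x00\x00\x01\x00\x01"

def doh_qname(method: str, url: str, body: bytes = b""):
    """Queried name from an RFC 8484 (dns= / POST body) or JSON-API (name=) DoH request, else None."""
    parsed = urlparse(url)
    if parsed.path not in ("/dns-query", "/resolve"):
        return None
    params = parse_qs(parsed.query)
    if "name" in params:
        return params["name"][0].rstrip(".").lower()
    if method == "GET" and "dns" in params:
        raw = params["dns"][0]
        return qname_from_wire(base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4)))
    if method == "POST" and body:
        return qname_from_wire(body)
    return None

def in_allowlist(name: str) -> bool:
    return any(name == a or name.endswith("." + a) for a in ALLOWED_ENDPOINTS)

def egress_verdict(method: str, url: str, body: bytes = b"") -> str:
    """Apply the allowlist to the HTTPS host and, for DoH, to the name being resolved."""
    host = (urlparse(url).hostname or "").lower()
    if not in_allowlist(host):
        return "block"
    name = doh_qname(method, url, body)
    return "allow" if name is None or in_allowlist(name) else "block"
```

A plain HTTPS request to an allowed host passes, a DoH query to dns.google for an allowed name passes, and a DoH query carrying a name outside the policy is blocked even though the resolver itself is permitted.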
Impact
Successful exploitation allows an attacker to bypass the egress-policy: block restriction and exfiltrate data from the runner even when a restrictive allowed-endpoints list is configured. This undermines the core network isolation Harden-Runner is designed to enforce. The vulnerability only affects the Community Tier; Enterprise Tier customers are not impacted [3][4].
Mitigation
The issue is fixed in version 2.16.0 of Harden-Runner [4]. Users of the Community Tier are strongly advised to upgrade immediately. No workarounds are documented, and the vendor recommends upgrading as the sole remediation [3].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| step-security/harden-runner (GitHub Actions) | < 2.16.0 | 2.16.0 |
Affected products
- Range: <= 2.15.1
- step-security/harden-runner v5, Range: < 2.16
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-46g3-37rh-v698 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-32947 (ghsa, ADVISORY)
- github.com/step-security/harden-runner/releases/tag/v2.16.0 (ghsa, x_refsource_MISC, WEB)
- github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698 (ghsa, x_refsource_CONFIRM, WEB)