GHSA-46G3-37RH-V698

Vulnerability from github – Published: 2026-03-17 18:38 – Updated: 2026-03-20 21:21
VLAI?
Summary
Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)
Details

Summary

A vulnerability exists in the Community Tier of Harden-Runner that allows bypassing the egress-policy: block network restriction using DNS over HTTPS (DoH).

Harden-Runner secures GitHub Actions workflows on runners by applying network policies, including an allowed-endpoints configuration that limits outbound traffic to specified domains and ports (e.g., github.com:443). In egress-policy: block mode, non-compliant connections are intercepted and denied.

This vulnerability exploits DoH, a protocol that encapsulates DNS queries within HTTPS requests. By crafting a DNS query that embeds exfiltrated data as a subdomain (e.g., encoding the runner's hostname into a label), an attacker can route the request through a permitted HTTPS endpoint like dns.google (8.8.8.8's DoH service). The resolver processes the query and forwards it to the attacker's controlled domain, achieving exfiltration without directly accessing the blocked destination. This evades Harden-Runner's domain-based filtering, as the initial HTTPS connection appears legitimate.

This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow.

The Enterprise Tier of Harden-Runner is not affected by this vulnerability.

Impact

When Harden-Runner is configured with egress-policy: block and a restrictive allowed-endpoints list, an attacker with existing code execution capabilities within a GitHub Actions workflow can bypass the allowed domains check via DNS over HTTPS by proxying DNS queries through a permitted resolver (e.g., Google's DoH service). This allows data exfiltration even when allowed-endpoints is set to only whitelisted domains.

This vulnerability affects only the Community Tier. It requires the attacker to already have code execution capabilities within the GitHub Actions workflow.

Remediation

For Community Tier Users

Upgrade to Harden-Runner v2.16.0 or later.

For Enterprise Tier Users

No action required. Enterprise tier customers are not affected by this vulnerability.

Credit

We would like to thank Devansh Batham for responsibly disclosing this vulnerability through our security reporting process.

Severity ?
4.6 (Medium)
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.15.1"
      },
      "package": {
        "ecosystem": "GitHub Actions",
        "name": "step-security/harden-runner"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.16.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-693",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-17T18:38:16Z",
    "nvd_published_at": "2026-03-20T05:16:13Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nA vulnerability exists in the Community Tier of Harden-Runner that allows bypassing the `egress-policy: block` network restriction using DNS over HTTPS (DoH).\n\nHarden-Runner secures GitHub Actions workflows on runners by applying network policies, including an `allowed-endpoints` configuration that limits outbound traffic to specified domains and ports (e.g., `github.com:443`). In `egress-policy: block` mode, non-compliant connections are intercepted and denied. \n\nThis vulnerability exploits DoH, a protocol that encapsulates DNS queries within HTTPS requests. By crafting a DNS query that embeds exfiltrated data as a subdomain (e.g., encoding the runner\u0027s hostname into a label), an attacker can route the request through a permitted HTTPS endpoint like `dns.google` (`8.8.8.8`\u0027s DoH service). The resolver processes the query and forwards it to the attacker\u0027s controlled domain, achieving exfiltration without directly accessing the blocked destination. This evades Harden-Runner\u0027s domain-based filtering, as the initial HTTPS connection appears legitimate. \n\nThis vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow.\n\nThe Enterprise Tier of Harden-Runner is **not affected** by this vulnerability.\n\n## Impact\n\nWhen Harden-Runner is configured with `egress-policy: block` and a restrictive `allowed-endpoints` list, an attacker with existing code execution capabilities within a GitHub Actions workflow can bypass the allowed domains check via DNS over HTTPS by proxying DNS queries through a permitted resolver (e.g., Google\u0027s DoH service). This allows data exfiltration even when `allowed-endpoints` is set to only whitelisted domains.\n\nThis vulnerability affects only the Community Tier. It requires the attacker to already have code execution capabilities within the GitHub Actions workflow.\n\n## Remediation\n\n### For Community Tier Users\n\nUpgrade to Harden-Runner v2.16.0 or later. \n\n### For Enterprise Tier Users\n\nNo action required. Enterprise tier customers are not affected by this vulnerability.\n\n## Credit \n\nWe would like to thank [Devansh Batham](https://github.com/devanshbatham) for responsibly disclosing this vulnerability through our security reporting process.",
  "id": "GHSA-46g3-37rh-v698",
  "modified": "2026-03-20T21:21:35Z",
  "published": "2026-03-17T18:38:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32947"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/step-security/harden-runner"
    },
    {
      "type": "WEB",
      "url": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.