CVE-2026-25598

MEDIUM SEVERITY

Vulnerability Description

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit. This vulnerability is fixed in 2.14.2.

Vulnerability Details

Published Date

February 09, 2026

Last Modified

February 10, 2026

CWE ID

CWE-778

Source

GitHub

Vendor

actions

Product

step-security/harden-runner

External References

https://github.com/step-security/harden-runner/security/advisories/GHSA-cpmj-h4f6-r6pq
https://github.com/step-security/harden-runner/commit/5ef0c079ce82195b2a36a210272d6b661572d83e
https://github.com/step-security/harden-runner/releases/tag/v2.14.2
https://github.com/advisories/GHSA-cpmj-h4f6-r6pq

CVE-2026-25598

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment