CVE-2026-32946 Overview
CVE-2026-32946 is a security bypass vulnerability in StepSecurity Harden-Runner, a CI/CD security agent designed to function as an endpoint detection and response (EDR) solution for GitHub Actions runners. The vulnerability allows attackers with code execution capabilities within a GitHub Actions workflow to bypass the egress-policy: block network restriction using DNS queries transmitted over TCP.
Critical Impact
Attackers with existing code execution in GitHub Actions workflows can exfiltrate data or establish covert communication channels by bypassing egress filtering through TCP-based DNS queries, undermining the security controls provided by Harden-Runner.
Affected Products
- StepSecurity Harden-Runner versions 2.15.1 and below
- Harden-Runner Community Edition
- GitHub Actions workflows utilizing Harden-Runner with egress-policy: block configuration
Discovery Timeline
- 2026-03-20 - CVE-2026-32946 published to NVD
- 2026-03-24 - Last updated in the NVD database
Technical Details for CVE-2026-32946
Vulnerability Analysis
This vulnerability represents a Protection Mechanism Failure (CWE-693) in the network egress filtering implementation of Harden-Runner. When organizations configure egress-policy: block with a restrictive allowed-endpoints list, they expect all non-compliant outbound traffic to be denied. However, the filtering mechanism does not adequately handle DNS queries transmitted over TCP protocol.
DNS normally runs over UDP port 53, but TCP port 53 is an equally standard transport: resolvers retry over TCP when a UDP response is truncated (TC bit set), zone transfers use it, and RFC 7766 makes TCP support mandatory for DNS implementations. The egress policy enforcement does not account for this second transport, leaving a gap in the network controls. An attacker who already has code execution inside a GitHub Actions workflow can use that gap to reach an external system of their choosing, exfiltrating sensitive data or receiving command-and-control instructions.
Root Cause
The root cause is an incomplete set of filtering rules in Harden-Runner's egress policy enforcement. UDP DNS traffic is restricted, but DNS queries carried over TCP port 53 are not, so a standard tool such as dig with the +tcp flag (or any client that speaks DNS over TCP) can send a query to an arbitrary nameserver despite the block policy. The rules covered the transport DNS usually uses rather than every transport DNS legitimately uses.
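The following is an added example, not code from Harden-Runner or StepSecurity, and it assumes nothing about how Harden-Runner implements its filter. It shows why a UDP-only view of DNS misses the TCP transport: the DNS message is byte-for-byte the same, and over TCP it is merely prefixed with a two-octet length. The query_over_tcp function is the wire-level equivalent of dig +tcp and is the check to run from a runner after patching (it should fail against an arbitrary server); everything else runs offline.

```python
"""Added example (not Harden-Runner or StepSecurity code): the same DNS query
message sent as a UDP datagram and as a TCP stream. Over TCP the message is
prefixed with a two-octet length (RFC 1035 s4.2.2, RFC 7766); nothing else
changes, so a filter that only parses UDP/53 datagrams never sees the query."""
import socket
import struct


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Minimal DNS query: 12-byte header (RD set, QDCOUNT=1) and one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    wire_name = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    ) + b"\x00"
    return header + wire_name + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def frame_tcp(message: bytes) -> bytes:
    """TCP framing: big-endian 2-octet length, then the unchanged message."""
    return struct.pack("!H", len(message)) + message


def unframe_tcp(stream: bytes) -> list:
    """Split a TCP byte stream into DNS messages (several may be pipelined)."""
    messages, i = [], 0
    while i + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[i:i + 2])
        messages.append(stream[i + 2:i + 2 + length])
        i += 2 + length
    return messages


def parse_qname(message: bytes) -> str:
    """Read the question name; queries carry no name compression, so a simple
    walk over the length-prefixed labels is enough."""
    i, labels = 12, []
    while message[i] != 0:
        n = message[i]
        labels.append(message[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return ".".join(labels)


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("peer closed the stream mid-message")
        data += chunk
    return data


def query_over_tcp(server: str, qname: str, timeout: float = 3.0) -> bytes:
    """Equivalent of `dig +tcp @server qname`; returns the raw response message.
    Not exercised offline. From a runner with a working egress block, calling
    this against an arbitrary server should fail (timeout or refused)."""
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(frame_tcp(build_query(qname)))
        (length,) = struct.unpack("!H", _recv_exact(sock, 2))
        return _recv_exact(sock, length)


if __name__ == "__main__":
    udp_payload = build_query("example.com")   # what goes in a UDP datagram
    tcp_stream = frame_tcp(udp_payload)         # what goes on the TCP stream
    print(tcp_stream[:2].hex(), "=", len(udp_payload), "octets of DNS message")
    print(parse_qname(unframe_tcp(tcp_stream)[0]))
```

A filter that matches the five-tuple for UDP/53 and parses the datagram as DNS has no code path for the TCP stream: the first two bytes are a length, not a DNS header, and a rule keyed on UDP never fires. Any complete DNS egress control must handle both transports.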
Attack Vector
The attack vector requires prior code execution capabilities within a GitHub Actions workflow. An attacker who has compromised a workflow through supply chain attacks, malicious dependencies, or other means can leverage this vulnerability to:
- Establish outbound communication channels using TCP-based DNS queries
- Exfiltrate sensitive data such as secrets, tokens, or source code through DNS tunneling techniques
- Receive commands or payloads encoded in DNS responses
- Circumvent security monitoring that relies on Harden-Runner's egress controls
Because it needs code execution first, this is a post-compromise exfiltration and command-and-control technique rather than an initial access vector. The attacker typically uses standard DNS utilities or a small custom client to send TCP DNS queries to an attacker-controlled nameserver, which then reads the encoded data out of the query names.
Detection Methods for CVE-2026-32946
Indicators of Compromise
- Unusual DNS queries over TCP (port 53) from GitHub Actions runner environments
- DNS query patterns to suspicious or newly registered domains during workflow execution
- High volume or unusually large DNS responses indicating potential data exfiltration
- Use of dig +tcp or similar commands in workflow logs
Detection Strategies
- Monitor GitHub Actions workflow logs for DNS utility usage with TCP flags
- Implement network-level monitoring for TCP connections on port 53 from runner infrastructure
- Analyze DNS query patterns for signs of tunneling or encoding schemes
- Review workflow definitions for suspicious commands that could leverage DNS bypass
Monitoring Recommendations
- Enable verbose logging for Harden-Runner and review egress events
- Implement secondary network monitoring independent of Harden-Runner controls
- Set up alerts for TCP DNS traffic originating from CI/CD infrastructure
- Regularly audit workflow files and dependencies for malicious code injection
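The detection logic below is an added example, not part of Harden-Runner or the advisory. It implements the two signals the lists above describe: TCP/53 from runner hosts to anything other than the trusted resolvers (the exact traffic the bypass relies on), and query-name patterns typical of DNS tunnelling. The runner subnet, resolver address, thresholds and all sample records are constructed assumptions; in practice the records would come from a flow exporter or Zeek conn.log/dns.log collected outside the runner, so that the monitoring does not depend on the control being bypassed.

```python
"""Added detection example (not part of Harden-Runner or the advisory).
Flags (1) TCP/53 from runner hosts to non-trusted servers and (2) DNS query
names that look like tunnelling. Sample records are constructed inline."""
import ipaddress
import math
from collections import defaultdict
from dataclasses import dataclass

RUNNER_NETS = [ipaddress.ip_network("10.1.0.0/24")]   # assumed runner subnet
TRUSTED_RESOLVERS = {"10.1.0.2"}                       # assumed internal resolver


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    bytes_out: int


@dataclass(frozen=True)
class DnsQuery:
    src: str
    qname: str


def from_runner(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RUNNER_NETS)


def tcp_dns_alerts(flows):
    """TCP/53 from a runner to a non-trusted server. TCP to the trusted
    resolver is a legitimate truncation fallback and is deliberately not alerted."""
    return [f for f in flows
            if from_runner(f.src) and f.proto == "tcp" and f.dport == 53
            and f.dst not in TRUSTED_RESOLVERS]


def shannon_entropy(text: str) -> float:
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_qname(qname: str, max_label: int = 30, min_entropy: float = 4.0) -> bool:
    """Encoded payload shows up as long or high-entropy labels. Thresholds are
    illustrative and should be tuned against your own baseline."""
    longest = max(qname.rstrip(".").split("."), key=len)
    return len(longest) > max_label or shannon_entropy(longest) > min_entropy


def registered_domain(qname: str) -> str:
    """Last two labels; a crude stand-in for a public-suffix-list lookup."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def fanout_alerts(queries, max_unique: int = 20):
    """Many distinct names under one domain from one host: tunnelling fan-out,
    since every chunk of exfiltrated data needs a fresh, uncached name."""
    seen = defaultdict(set)
    for q in queries:
        seen[(q.src, registered_domain(q.qname))].add(q.qname)
    return {key: len(names) for key, names in seen.items() if len(names) > max_unique}


def detect(flows, queries):
    alerts = [f"tcp-dns-egress {f.src}->{f.dst}:{f.dport} {f.bytes_out}B"
              for f in tcp_dns_alerts(flows)]
    alerts += [f"suspicious-qname {q.src} {q.qname}"
               for q in queries if suspicious_qname(q.qname)]
    alerts += [f"dns-fanout {src} {dom} {n} unique names"
               for (src, dom), n in fanout_alerts(queries).items()]
    return alerts


# Constructed sample records (TEST-NET addresses stand in for external hosts)
SAMPLE_FLOWS = [
    Flow("10.1.0.5", "10.1.0.2", "udp", 53, 80),          # ordinary lookup
    Flow("10.1.0.5", "10.1.0.2", "tcp", 53, 1400),        # legitimate TCP fallback
    Flow("10.1.0.5", "203.0.113.7", "tcp", 53, 48213),    # TCP/53 to an external host
    Flow("10.1.0.5", "198.51.100.9", "tcp", 443, 9000),   # allowed HTTPS endpoint
]
SAMPLE_QUERIES = [
    DnsQuery("10.1.0.5", "api.github.com"),
    DnsQuery("10.1.0.5", "files.pythonhosted.org"),
] + [
    # 36-character hex labels, a new one per query, under one attacker domain
    DnsQuery("10.1.0.5", f"{'0123456789abcdef' * 2}{i:04x}.x.exfil.example")
    for i in range(25)
]

if __name__ == "__main__":
    for line in detect(SAMPLE_FLOWS, SAMPLE_QUERIES):
        print(line)
```

The TCP/53 rule is the high-confidence signal for this CVE; the name-based heuristics are noisier and are there because the same exfiltration can be retried over UDP to a permitted resolver, where only the query names give it away. Whitelist the resolvers explicitly rather than dropping the TCP/53 check altogether, since large responses legitimately arrive over TCP.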
How to Mitigate CVE-2026-32946
Immediate Actions Required
- Upgrade Harden-Runner to version 2.16.0 or later immediately
- Review recent workflow runs for potential exploitation attempts
- Audit GitHub Actions secrets and rotate any potentially exposed credentials
- Implement additional network-level controls as defense in depth
Patch Information
StepSecurity addressed this vulnerability in Harden-Runner version 2.16.0, which restricts DNS over TCP as well, so that egress-policy: block covers both transports. Organizations must update the action reference in each workflow file to the patched version. A workflow pinned to a full commit SHA needs the SHA updated, since a tag bump alone does nothing for it; a workflow that references a floating major tag should be checked in its next run's Set up job log to confirm which commit was actually resolved.
For detailed information, refer to the GitHub Security Advisory GHSA-g699-3x6g-wm3g and the v2.16.0 release notes.
Workarounds
- Add a network-level rule outside Harden-Runner that drops outbound TCP port 53 from runner hosts unless the destination is one of your trusted resolvers; do not block TCP/53 to the resolvers themselves, because responses too large for UDP legitimately fall back to TCP
- Enforce that rule where the attacker's code cannot reach it: cloud security groups, VPC egress policy or an egress proxy for self-hosted runners. A rule installed inside the runner VM by a workflow step is only defense in depth, since code running as the runner user on GitHub-hosted Linux images has passwordless sudo and can remove it
- Consider temporarily disabling, or restricting to trusted triggers, workflows that hold high-value secrets and execute untrusted code until the update can be applied
- Deploy additional monitoring to detect potential bypass attempts
# Update Harden-Runner in GitHub Actions workflow
# Change the Harden-Runner step in each workflow file to the patched version;
# leave the existing "with: egress-policy: block" settings as they are.
# Before: uses: step-security/harden-runner@v2.15.1
# After:  uses: step-security/harden-runner@v2.16.0
# If the step is pinned to a commit SHA, replace the SHA with the v2.16.0 release commit instead.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.