{"id":"GHSA-46g3-37rh-v698","summary":"Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)","details":"## Summary\n\nA vulnerability exists in the Community Tier of Harden-Runner that allows bypassing the `egress-policy: block` network restriction using DNS over HTTPS (DoH).\n\nHarden-Runner secures GitHub Actions workflows on runners by applying network policies, including an `allowed-endpoints` configuration that limits outbound traffic to specified domains and ports (e.g., `github.com:443`). In `egress-policy: block` mode, non-compliant connections are intercepted and denied.\n\nThis vulnerability exploits DoH, a protocol that encapsulates DNS queries within HTTPS requests. By crafting a DNS query that embeds exfiltrated data as a subdomain (e.g., encoding the runner's hostname into a label), an attacker can route the request through a permitted HTTPS endpoint like `dns.google` (`8.8.8.8`'s DoH service). The resolver processes the query and forwards it to the attacker's controlled domain, achieving exfiltration without directly accessing the blocked destination. This evades Harden-Runner's domain-based filtering, as the initial HTTPS connection appears legitimate.\n\nThis vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow.\n\nThe Enterprise Tier of Harden-Runner is **not affected** by this vulnerability.\n\n## Impact\n\nWhen Harden-Runner is configured with `egress-policy: block` and a restrictive `allowed-endpoints` list, an attacker with existing code execution capabilities within a GitHub Actions workflow can bypass the allowed domains check via DNS over HTTPS by proxying DNS queries through a permitted resolver (e.g., Google's DoH service). This allows data exfiltration even when `allowed-endpoints` is set to only whitelisted domains.\n\nThis vulnerability affects only the Community Tier. It requires the attacker to already have code execution capabilities within the GitHub Actions workflow.\n\n## Remediation\n\n### For Community Tier Users\n\nUpgrade to Harden-Runner v2.16.0 or later.\n\n### For Enterprise Tier Users\n\nNo action required. Enterprise tier customers are not affected by this vulnerability.\n\n## Credit\n\nWe would like to thank [Devansh Batham](https://github.com/devanshbatham) for responsibly disclosing this vulnerability through our security reporting process.","aliases":["CVE-2026-32947"],"modified":"2026-03-20T21:34:59.431085Z","published":"2026-03-17T18:38:16Z","database_specific":{"severity":"MODERATE","nvd_published_at":"2026-03-20T05:16:13Z","github_reviewed_at":"2026-03-17T18:38:16Z","cwe_ids":["CWE-693","CWE-863"],"github_reviewed":true},"references":[{"type":"WEB","url":"https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32947"},{"type":"PACKAGE","url":"https://github.com/step-security/harden-runner"},{"type":"WEB","url":"https://github.com/step-security/harden-runner/releases/tag/v2.16.0"}],"affected":[{"package":{"name":"step-security/harden-runner","ecosystem":"GitHub Actions"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.16.0"}]}],"database_specific":{"last_known_affected_version_range":"\u003c= 2.15.1","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-46g3-37rh-v698/GHSA-46g3-37rh-v698.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"}]}