{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32947", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T00:05:53.284Z", "datePublished": "2026-03-20T04:03:03.687Z", "dateUpdated": "2026-03-20T16:05:57.731Z"}, "containers": {"cna": {"title": "Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)", "problemTypes": [{"descriptions": [{"cweId": "CWE-693", "lang": "en", "description": "CWE-693: Protection Mechanism Failure", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698"}, {"name": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0"}], "affected": [{"vendor": "step-security", "product": "harden-runner", "versions": [{"version": "< 2.16", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T04:03:03.687Z"}, "descriptions": [{"lang": "en", "value": "Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS (DoH) vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like dns.google. The attack works by encoding sensitive data (e.g., the runner's hostname) as subdomains in DoH queries, which appear as legitimate HTTPS traffic to Harden-Runner's domain-based filtering but are ultimately forwarded to an attacker-controlled domain. This effectively enables data exfiltration without directly connecting to any blocked destination. Exploitation requires the attacker to already have code execution within the GitHub Actions workflow. The issue was fixed in version 2.16.0."}], "source": {"advisory": "GHSA-46g3-37rh-v698", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T16:04:06.975931Z", "id": "CVE-2026-32947", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T16:05:57.731Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32947", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T16:04:06.975931Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T16:05:52.816Z"}}], "cna": {"title": "Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)", "source": {"advisory": "GHSA-46g3-37rh-v698", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "step-security", "product": "harden-runner", "versions": [{"status": "affected", "version": "< 2.16"}]}], "references": [{"url": "https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698", "name": "https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0", "name": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS (DoH) vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like dns.google. The attack works by encoding sensitive data (e.g., the runner's hostname) as subdomains in DoH queries, which appear as legitimate HTTPS traffic to Harden-Runner's domain-based filtering but are ultimately forwarded to an attacker-controlled domain. This effectively enables data exfiltration without directly connecting to any blocked destination. Exploitation requires the attacker to already have code execution within the GitHub Actions workflow. The issue was fixed in version 2.16.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "CWE-693: Protection Mechanism Failure"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T04:03:03.687Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32947", "state": "PUBLISHED", "dateUpdated": "2026-03-20T16:05:57.731Z", "dateReserved": "2026-03-17T00:05:53.284Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T04:03:03.687Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stepsecurity:harden-runner:*:*:*:*:community:*:*:*", "matchCriteriaId": "051DFDC1-078C-478D-84B3-3FAD24CB1FE6", "versionEndExcluding": "2.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS (DoH) vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like dns.google. The attack works by encoding sensitive data (e.g., the runner's hostname) as subdomains in DoH queries, which appear as legitimate HTTPS traffic to Harden-Runner's domain-based filtering but are ultimately forwarded to an attacker-controlled domain. This effectively enables data exfiltration without directly connecting to any blocked destination. Exploitation requires the attacker to already have code execution within the GitHub Actions workflow. The issue was fixed in version 2.16.0."}, {"lang": "es", "value": "Harden-Runner es un agente de seguridad de CI/CD que funciona como un EDR para los runners de GitHub Actions. En las versiones 2.15.1 e inferiores, una vulnerabilidad de DNS sobre HTTPS (DoH) permite a los atacantes eludir las restricciones de red de 'egress-policy: block' al tunelizar datos exfiltrados a trav\u00e9s de puntos finales HTTPS permitidos como dns.google. El ataque funciona codificando datos sensibles (por ejemplo, el nombre de host del runner) como subdominios en consultas DoH, que aparecen como tr\u00e1fico HTTPS leg\u00edtimo para el filtrado basado en dominio de Harden-Runner pero que finalmente se reenv\u00edan a un dominio controlado por el atacante. Esto permite eficazmente la exfiltraci\u00f3n de datos sin conectarse directamente a ning\u00fan destino bloqueado. La explotaci\u00f3n requiere que el atacante ya tenga ejecuci\u00f3n de c\u00f3digo dentro del flujo de trabajo de GitHub Actions. El problema se solucion\u00f3 en la versi\u00f3n 2.16.0."}], "id": "CVE-2026-32947", "lastModified": "2026-03-24T12:33:33.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-20T05:16:13.923", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/step-security/harden-runner/releases/tag/v2.16.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}, {"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "harden-runner: Harden-Runner: Data exfiltration via DNS over HTTPS (DoH) bypass", "id": "2449437", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449437"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-807", "details": ["A flaw was found in Harden-Runner. A remote attacker with existing code execution within a GitHub Actions workflow could exploit a DNS over HTTPS (DoH) vulnerability to bypass network restrictions. This allows for the exfiltration of sensitive data by encoding it within DoH queries, which appear as legitimate HTTPS traffic, effectively bypassing egress policies."], "name": "CVE-2026-32947", "package_state": [{"cpe": "cpe:/a:redhat:external_secrets_operator:1", "fix_state": "Fix deferred", "package_name": "external-secrets-operator/bitwarden-sdk-server-rhel9", "product_name": "External Secrets Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:external_secrets_operator:1", "fix_state": "Fix deferred", "package_name": "external-secrets-operator/external-secrets-operator-bundle", "product_name": "External Secrets Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:external_secrets_operator:1", "fix_state": "Fix deferred", "package_name": "external-secrets-operator/external-secrets-operator-rhel9", "product_name": "External Secrets Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:external_secrets_operator:1", "fix_state": "Fix deferred", "package_name": "external-secrets-operator/external-secrets-rhel9", "product_name": "External Secrets Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:gatekeeper:3", "fix_state": "Fix deferred", "package_name": "gatekeeper/gatekeeper-rhel9", "product_name": "Gatekeeper 3"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Out of support scope", "package_name": "multicluster-engine/addon-manager-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Out of support scope", "package_name": "multicluster-engine/placement-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Out of support scope", "package_name": "multicluster-engine/registration-operator-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Out of support scope", "package_name": "multicluster-engine/registration-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Out of support scope", "package_name": "multicluster-engine/work-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:windows_machine_config", "fix_state": "Fix deferred", "package_name": "openshift4-wincw/windows-machine-config-operator-bundle", "product_name": "Red Hat OpenShift for Windows Containers"}, {"cpe": "cpe:/a:redhat:windows_machine_config", "fix_state": "Fix deferred", "package_name": "openshift4-wincw/windows-machine-config-rhel9-operator", "product_name": "Red Hat OpenShift for Windows Containers"}], "public_date": "2026-03-20T04:03:03Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32947\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32947\nhttps://github.com/step-security/harden-runner/releases/tag/v2.16.0\nhttps://github.com/step-security/harden-runner/security/advisories/GHSA-46g3-37rh-v698"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.16)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "harden-runner", "source": "cna", "vendor": "step-security"}, "product": "harden_runner", "vendor": "step_security"}], "analysis": {"en": {"generated_at": "2026-03-20T05:21:58.342546+00:00", "value": {"mitigation_remediation": ["Upgrade Harden\u2011Runner to version 2.16.0 or later.", "If upgrade cannot be performed immediately, configure the runner to block DNS over HTTPS traffic to external domains such as dns.google or temporarily disable egress\u2011policy filtering for DNS queries.", "Verify that no vulnerable versions remain in use and review GitHub Actions workflows for elevated privileges."], "summary": {"action": "Patch", "impact": "Data exfiltration via egress policy bypass"}, "threat_synthesis": {"affected_systems": "Affected systems are GitHub Actions runners protected by the Harden\u2011Runner Community tier agent from step\u2011security. All releases at or before 2.15.1 are vulnerable. The fix was included in version 2.16.0, which removed DoH support or added proper filtering. Any runner using these older versions must be upgraded.", "description_and_impact": "The vulnerability resides in Harden\u2011Runner versions 2.15.1 and lower, where DNS over HTTPS queries carry encoded data within subdomains and are sent to allowed HTTPS endpoints such as dns.google. This allows an attacker to create traffic that passes the egress policy while delivering exfiltrated information to an attacker\u2011controlled domain. The weakness maps to CWE\u2011693 (Security Misconfiguration) and CWE\u2011863 (Information Exposure via Misconfigured Component).", "risk_and_exploitability": "The CVSS score is 4.6, indicating moderate severity. Exploitability is limited to scenarios where an attacker already has code execution within the GitHub Actions workflow; the vulnerability itself does not allow remote code execution. EPSS data is unavailable and the issue is not listed in the CISA KEV catalog. The risk is primarily data exfiltration; organizations should update to 2.16.0 immediately to close the attack surface."}}}}, "created": "2026-03-20T08:52:42.425453+00:00", "updated": "2026-03-20T10:37:24.217335+00:00", "vendors": ["step_security", "step_security$PRODUCT$harden_runner"]}