CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Stepsecurity: >> Harden-Runner Security Vulnerabilities

CVE-2026-25598

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit. This vulnerability is fixed in 2.14.2.

CVSS Score

5.3

EPSS Score

0.0

Published

2026-02-09

Page 1

Vulnerabilities

Vulnerable Software

Stepsecurity: >> Harden-Runner Security Vulnerabilities

Products

Pricing

Contact Us