CVE-2026-25598 | THREATINT

Description

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit. This vulnerability is fixed in 2.14.2.

PUBLISHED Reserved 2026-02-03 | Published 2026-02-09 | Updated 2026-02-10 | Assigner GitHub_M

MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-778: Insufficient Logging

Product status

< 2.14.2

affected

References

github.com/...runner/security/advisories/GHSA-cpmj-h4f6-r6pq

github.com/step-security/harden-runner/releases/tag/v2.14.2

cve.org (CVE-2026-25598)

nvd.nist.gov (CVE-2026-25598)

Download JSON