Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)

Description

Summary

A vulnerability exists in the Community Tier of Harden-Runner that allows bypassing the egress-policy: block network restriction using DNS over HTTPS (DoH).

Harden-Runner secures GitHub Actions workflows on runners by applying network policies, including an allowed-endpoints configuration that limits outbound traffic to specified domains and ports (e.g., github.com:443). In egress-policy: block mode, non-compliant connections are intercepted and denied.

This vulnerability exploits DoH, a protocol that encapsulates DNS queries within HTTPS requests. By crafting a DNS query that embeds exfiltrated data as a subdomain (e.g., encoding the runner's hostname into a label), an attacker can route the request through a permitted HTTPS endpoint like dns.google (8.8.8.8's DoH service). The resolver processes the query and forwards it to the attacker's controlled domain, achieving exfiltration without directly accessing the blocked destination. This evades Harden-Runner's domain-based filtering, as the initial HTTPS connection appears legitimate.

This vulnerability requires the attacker to already have code execution capabilities within the GitHub Actions workflow.

The Enterprise Tier of Harden-Runner is not affected by this vulnerability.

Impact

When Harden-Runner is configured with egress-policy: block and a restrictive allowed-endpoints list, an attacker with existing code execution capabilities within a GitHub Actions workflow can bypass the allowed domains check via DNS over HTTPS by proxying DNS queries through a permitted resolver (e.g., Google's DoH service). This allows data exfiltration even when allowed-endpoints is set to only whitelisted domains.

This vulnerability affects only the Community Tier. It requires the attacker to already have code execution capabilities within the GitHub Actions workflow.

Remediation

For Community Tier Users

Upgrade to Harden-Runner v2.16.0 or later.

For Enterprise Tier Users

No action required. Enterprise tier customers are not affected by this vulnerability.

Credit

We would like to thank Devansh Batham for responsibly disclosing this vulnerability through our security reporting process.

Basic information

Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
Open repository advisory ↗
Source code
Browse source ↗
Published (advisory)
2026-03-17 18:38:16 UTC
Updated
2026-03-20 21:21:36 UTC
GitHub reviewed
2026-03-17 18:38:16 UTC
NVD published
2026-03-20

EPSS Score

Score Percentile
0.09% 26.20%

CVSS Scores

Base score Version Severity Vector
4.6 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network.
Attack complexity (AC:L)
Exploitation conditions are straightforward and stable.
Attack requirements (AT:P)
Additional preconditions must be present for exploitation.
Privileges required (PR:H)
High privileges are required.
User interaction (UI:N)
No user interaction is required.
Vulnerable system confidentiality impact (VC:N)
No confidentiality impact on the vulnerable system.
Vulnerable system integrity impact (VI:N)
No integrity impact on the vulnerable system.
Vulnerable system availability impact (VA:N)
No availability impact on the vulnerable system.
Subsequent system confidentiality impact (SC:H)
High confidentiality impact on subsequent systems.
Subsequent system integrity impact (SI:N)
No integrity impact on subsequent systems.
Subsequent system availability impact (SA:N)
No availability impact on subsequent systems.

Identifiers

CWEs

CWE id Name
CWE-693 Protection Mechanism Failure
CWE-863 Incorrect Authorization

Credits

  • devanshbatham (reporter)

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
actions step-security/harden-runner <= 2.15.1 2.16.0

References

cvelogic Threat Intelligence