
CVE-2026-32946: CWE-693: Protection Mechanism Failure in step-security harden-runner

Medium
Tags: Vulnerability, CVE-2026-32946, cve, cwe-693, cwe-863
Published: Fri Mar 20 2026 (03/20/2026, 03:58:40 UTC)
Source: CVE Database V5
Vendor/Project: step-security
Product: harden-runner

Description

CVE-2026-32946 is a medium-severity vulnerability in step-security's Harden-Runner (versions ≤ 2.15.1), a CI/CD security agent for GitHub Actions runners. The flaw allows bypassing egress network restrictions through DNS queries over TCP, which are not properly blocked when `egress-policy: block` is enabled. An attacker with existing code execution within a GitHub Actions workflow can leverage this to send unauthorized outbound traffic, circumventing restrictive network policies. This could lead to data exfiltration or command-and-control communications. The issue is fixed in version 2.16.0. No known exploits are currently reported in the wild.

AI-Powered Analysis

AI analysis last updated: 03/20/2026, 04:25:11 UTC

Technical Analysis

CVE-2026-32946 identifies a protection mechanism failure in step-security's Harden-Runner, a security agent designed to enforce egress network restrictions on GitHub Actions runners. Harden-Runner acts similarly to an Endpoint Detection and Response (EDR) tool but specifically for CI/CD environments. In versions 2.15.1 and earlier, when the egress-policy is set to block outbound connections except to a limited set of allowed endpoints (e.g., github.com:443), the enforcement mechanism fails to restrict DNS queries over TCP. Typically, egress policies filter outbound traffic at the network layer to prevent unauthorized data exfiltration or command and control communications. However, DNS queries over TCP, which are less common than UDP but used for large DNS responses or fallback, are not adequately filtered. Attackers with code execution inside the GitHub Actions workflow can exploit this by using tools like dig with the +tcp flag to send DNS queries over TCP, bypassing the egress restrictions. This vulnerability requires prior code execution privileges, meaning it is a post-compromise escalation vector rather than an initial access vulnerability. The vulnerability is classified under CWE-693 (Protection Mechanism Failure) and CWE-863 (Incorrect Authorization). The issue has been addressed in Harden-Runner version 2.16.0, which properly restricts DNS over TCP traffic under egress-policy: block. The CVSS 4.0 base score is 4.6 (medium), reflecting the need for prior access and limited scope of impact. No known exploits have been reported in the wild as of the publication date.

Potential Impact

The primary impact of this vulnerability is the potential for attackers who have already compromised a GitHub Actions workflow environment to bypass network egress restrictions intended to prevent unauthorized outbound communications. This can enable data exfiltration, command and control communication, or lateral movement within the CI/CD infrastructure. Organizations relying on Harden-Runner to enforce strict network policies on GitHub runners may have a false sense of security, as attackers can circumvent these controls using DNS over TCP queries. This could lead to leakage of sensitive source code, credentials, or build artifacts. While the vulnerability requires prior code execution, the ability to bypass egress restrictions increases the attacker's operational capabilities and persistence. The impact is particularly significant for organizations with strict compliance or data protection requirements using GitHub Actions with Harden-Runner. However, since exploitation requires existing access and no known public exploits exist, the immediate risk is moderate but should not be underestimated.

Mitigation Recommendations

1. Upgrade Harden-Runner to version 2.16.0 or later, where the vulnerability is fixed and DNS over TCP queries are properly restricted under `egress-policy: block`.
2. Implement additional network monitoring on GitHub Actions runners to detect unusual DNS traffic patterns, especially DNS over TCP queries, which are less common and may indicate attempts to bypass egress controls.
3. Restrict or disable the use of tools capable of crafting DNS queries over TCP (e.g., dig with +tcp) within CI/CD workflows unless explicitly required.
4. Employ runtime security controls and anomaly detection on GitHub Actions workflows to detect unauthorized code execution or suspicious network activity.
5. Review and tighten GitHub Actions workflow permissions to minimize the risk of unauthorized code execution.
6. Consider using network-layer firewall rules or proxy configurations external to Harden-Runner to enforce egress policies as a defense-in-depth measure.
7. Regularly audit and validate egress policies and Harden-Runner configurations to ensure they are correctly applied and effective.
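The following Python is an added illustration for the Technical Analysis above and for mitigation item 2; it is not Harden-Runner's code and makes no claim about how the agent or the 2.16.0 fix are implemented. It contrasts a generic flawed egress-policy pattern (waving through any port-53 traffic as "DNS" regardless of transport or destination) with a hardened evaluator that only permits port 53 to the configured resolver, and it includes a detection rule that flags DNS-over-TCP flows to anything other than that resolver. The allow list mirrors the page's `github.com:443` example; the resolver address, IPs and flow records are constructed sample values.

```python
"""Egress-policy evaluation and DNS-over-TCP detection (constructed example).

This is an illustration added to the advisory, not Harden-Runner's source.
The flaw class shown (exempting port 53 without checking transport or
destination) is generic; the real agent's logic is not on the page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str      # "tcp" or "udp"
    dst_host: str   # destination name if known, otherwise the IP
    dst_ip: str
    dst_port: int


# Constructed policy: the allow list follows the page's "github.com:443" example.
ALLOWED_ENDPOINTS = {("github.com", 443)}
# Constructed resolver address; a real runner would read it from /etc/resolv.conf.
RESOLVER_IPS = {"10.0.0.2"}


def weak_allows(flow: Flow) -> bool:
    """Flawed pattern: anything on port 53 is treated as resolver traffic and
    permitted, so DNS over TCP to an arbitrary host slips past the allow list."""
    if flow.dst_port == 53:
        return True
    return (flow.dst_host, flow.dst_port) in ALLOWED_ENDPOINTS


def hardened_allows(flow: Flow) -> bool:
    """Port 53 is permitted only to the configured resolver, over UDP or TCP
    (TCP fallback for large answers stays legitimate); everything else must
    match the allow list exactly."""
    if flow.dst_port == 53:
        return flow.dst_ip in RESOLVER_IPS
    return (flow.dst_host, flow.dst_port) in ALLOWED_ENDPOINTS


def suspicious_dns_tcp(flows):
    """Detection rule for mitigation item 2: DNS over TCP to a host other than
    the configured resolver is rare on a CI runner and worth alerting on."""
    return [
        f for f in flows
        if f.proto == "tcp" and f.dst_port == 53 and f.dst_ip not in RESOLVER_IPS
    ]


# Constructed sample flows (documentation-range addresses, not real hosts).
SAMPLE_FLOWS = [
    Flow("tcp", "github.com", "203.0.113.10", 443),      # legitimate checkout
    Flow("udp", "10.0.0.2", "10.0.0.2", 53),             # normal resolver lookup
    Flow("tcp", "10.0.0.2", "10.0.0.2", 53),             # legitimate TCP fallback
    Flow("tcp", "198.51.100.7", "198.51.100.7", 53),     # DNS over TCP to outside host
    Flow("tcp", "example.net", "203.0.113.9", 443),      # not on the allow list
]


def evaluate(flows, policy):
    """Map each flow to the policy's verdict so the two evaluators can be compared."""
    return {(f.proto, f.dst_ip, f.dst_port): policy(f) for f in flows}


if __name__ == "__main__":
    for name, policy in (("weak", weak_allows), ("hardened", hardened_allows)):
        print(name, evaluate(SAMPLE_FLOWS, policy))
    print("alerts:", suspicious_dns_tcp(SAMPLE_FLOWS))
```

Running it shows the weak evaluator permitting the TCP/53 flow to 198.51.100.7 while the hardened one denies it, and the detection rule returning exactly that flow as an alert; the TCP fallback to the real resolver is neither blocked nor flagged.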


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-03-17T00:05:53.284Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69bcc873e32a4fbe5f2a7913

Added to database: 3/20/2026, 4:09:23 AM

Last enriched: 3/20/2026, 4:25:11 AM

Last updated: 3/20/2026, 5:14:18 AM


