Primary

Context

Harden-Runner GitHub Action Outbound Network Logging Bypass Vulnerability

Vulnerability

A vulnerability in the Harden-Runner GitHub Action (Community Tier) prior to version 2.14.2 allows outbound network connections to evade audit logging. This issue affects traffic using the sendto, sendmsg, and sendmmsg socket system calls, which can bypass detection when the egress policy is set to audit. The vulnerability requires code execution capabilities within the GitHub Actions workflow, such as through workflow injection or compromised dependencies.

Impact

Exploitation of this vulnerability allows for outbound network traffic to be sent without generating audit logs, effectively bypassing network monitoring for UDP communications.

Remediation

Users of the Harden-Runner Community Tier should upgrade to version 2.14.2 or later. Enterprise Tier users are not affected by this vulnerability.

Added: Feb 9, 2026, 8:19 PM

Updated: Feb 9, 2026, 10:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

2.9

remediation

0.0

relevance

2.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

2.9

remediation

0.0

relevance

2.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Harden-Runner GitHub Action Outbound Network Logging Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating