Lucene search
+L

4 matches found

NVD
NVD
added 2026/02/09 8:15 p.m.7 views

CVE-2026-25598

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action Community Tier that allows outbound network connections to evade audit logging. Specifically, outbound traffi...

6.3CVSS0.00313EPSS
Exploits0References2
CVE
CVE
added 2026/02/09 6:58 p.m.47 views

CVE-2026-25598

The CVE-2026-25598 issue affects Harden-Runner (GitHub Actions Community Tier) prior to version 2.14.2. The root cause is that outbound traffic using socket calls sendto, sendmsg, and sendmmsg could bypass audit logging when egress-policy is set to audit, enabling potential evasion of monitoring....

6.3CVSS5.4AI score0.00313EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/09 6:58 p.m.38 views

CVE-2026-25598 Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action Community Tier that allows outbound network connections to evade audit logging. Specifically, outbound traffi...

6.3CVSS0.00313EPSS
Exploits0References2
OSV
OSV
added 2026/02/09 6:58 p.m.7 views

CVE-2026-25598 Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action Community Tier that allows outbound network connections to evade audit logging. Specifically, outbound traffi...

6.3CVSS5.4AI score0.00313EPSS
Exploits0References4
Rows per page
Query Builder