CVE-2026-25598 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the…
Medium CVSS: 6.3

CVE-2026-25598

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit. This vulnerability is fixed in 2.14.2.
Vendor
Stepsecurity
Product
Harden-runner
CWE
CWE-778
Yayın Tarihi
2026-02-09 20:15:58
Güncelleme
2026-02-28 00:23:47
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-778 Harden-runner MEDIUM Stepsecurity 2026

Referanslar

https://github.com/step-security/harden-runner/releases/tag/v2.14.2 https://github.com/step-security/harden-runner/security/advisories/GHSA-cpmj-h4f6-r6pq