| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32947 | Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier) | step-security | harden-runner | Medium | - | 2026-03-20 04:03:04 | Deep Dive |
| CVE-2026-32946 | Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier) | step-security | harden-runner | Medium | - | 2026-03-20 03:58:41 | Deep Dive |
| CVE-2026-25598 | Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier) | step-security | harden-runner | - | - | 2026-02-09 18:58:57 | Deep Dive |
| CVE-2025-32955 | Harden-Runner Evasion of 'disable-sudo' policy | step-security | harden-runner | Medium | 6.0 | 2025-04-21 20:45:58 | Deep Dive |
| CVE-2024-52587 | Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts` | step-security | harden-runner | Low | - | 2024-11-18 22:03:16 | Deep Dive |