All 5 CVE vulnerabilities found in harden-runner, with AI-generated Chinese analysis, references, and POCs.

Vendor: step-security

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32947 | Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier) CWE-693 | 9.1 | - | 2026-03-20 |
| CVE-2026-32946 | Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier) CWE-693 | 8.6 | - | 2026-03-20 |
| CVE-2026-25598 | Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier) CWE-778 | 5.3 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2025-32955 | Harden-Runner Evasion of 'disable-sudo' policy CWE-268 | 6.0 | Medium | 2025-04-21 |
| CVE-2024-52587 | Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts` CWE-78 | 9.8 | - | 2024-11-18 |