Browse all 5 CVE security advisories affecting step-security. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32947 | Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier) — harden-runner (CWE-693) | 9.1 | - | 2026-03-20 |
| CVE-2026-32946 | Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier) — harden-runner (CWE-693) | 8.6 | - | 2026-03-20 |
| CVE-2026-25598 | Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier) — harden-runner (CWE-778) | 5.3 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2025-32955 | Harden-Runner Evasion of 'disable-sudo' policy — harden-runner (CWE-268) | 6.0 | Medium | 2025-04-21 |
| CVE-2024-52587 | Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts` — harden-runner (CWE-78) | 9.8 | - | 2024-11-18 |

This page lists every published CVE security advisory associated with step-security. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.