vuln disclosure
Harden-Runner CI/CD Security Agent Audit Logging Bypass via Socket CallsCVE-2026-25598
A vulnerability in Harden-Runner (Community Tier) prior to version 2.14.2 allows outbound network connections to evade audit logging. The issue affects the egress-policy: audit mode, where traffic using sendto, sendmsg, and sendmmsg socket calls is not detected or logged. This could allow malicious outbound connections to go unnoticed in CI/CD pipelines.