Skip to main content

Github CVE-2026-25598

MEDIUM
Insufficient Logging (CWE-778)
2026-02-09 security-advisories@github.com
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Red Hat
4.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 09, 2026 - 20:15 nvd
MEDIUM 5.3

DescriptionGitHub Advisory

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit. This vulnerability is fixed in 2.14.2.

AnalysisAI

Harden-Runner versions prior to 2.14.2 fail to log outbound network connections made through sendto, sendmsg, and sendmmsg socket calls when audit mode is enabled, allowing attackers to exfiltrate data from GitHub Actions runners without detection. This integrity bypass affects users relying on Harden-Runner's egress policy auditing for security monitoring. A patch is available in version 2.14.2 and later.

Technical ContextAI

Affects Harden-Runner. Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit. This vulnerability is fixed in 2.14.2.

RemediationAI

Fixed in version 2.14.2.. Restrict network access to the affected service where possible.

More in Github

View all
CVE-2026-1699 CRITICAL POC
10.0 Jan 30

Supply chain vulnerability in Eclipse Theia GitHub Actions workflow. The preview.yml workflow uses pull_request_target w

CVE-2026-27941 CRITICAL POC
9.9 Feb 26

Supply chain attack vector in OpenLIT GitHub Actions workflows. The pull_request_target trigger with checkout enables ma

CVE-2026-22869 CRITICAL POC
9.8 Jan 13

Eigent multi-agent workflow CI pipeline (ci.yml) uses pull_request_target with checkout of untrusted PR code, enabling a

CVE-2026-28215 CRITICAL POC
9.1 Feb 26

Unauthenticated infrastructure overwrite in Hoppscotch API development ecosystem before 2026.2.0. Attackers can overwrit

CVE-2018-1000600 HIGH POC
8.8 Jun 26

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCrede

CVE-2026-30920 HIGH POC
8.6 Mar 10

OneUptime versions prior to 10.0.19 allow unauthenticated attackers to hijack GitHub App integrations across projects by

CVE-2026-25221 HIGH POC
8.1 Feb 02

PolarLearn versions 0-PRERELEASE-15 and earlier lack proper state parameter validation in OAuth 2.0 authentication, enab

CVE-2026-23644 HIGH POC
7.5 Jan 18

Path traversal in esm.sh CDN prior to version 0.0.0-20260116051925-c62ab83c589e allows unauthenticated remote attackers

CVE-2025-68619 HIGH POC
7.2 Jan 01

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore i

CVE-2026-27943 MEDIUM POC
6.5 Feb 26

Authenticated users in OpenEMR through version 8.0.0 can access and modify eye exam records belonging to other patients

CVE-2026-23889 MEDIUM POC
6.5 Jan 26

Path traversal in pnpm's tarball extraction on Windows allows attackers to write files outside the intended package dire

CVE-2026-27612 MEDIUM POC
6.1 Feb 25

Reflected XSS in Repostat's RepoCard React component prior to version 1.0.1 allows attackers to execute arbitrary JavaSc

Vendor StatusVendor

Share

CVE-2026-25598 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy