Stepsecurity Harden-runner — known CVE vulnerabilities
Every CVE whose affected-product data names Stepsecurity Harden-runner, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-25598 — CVSS 5.3 (medium): Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has…
CVE-2026-32947 — CVSS 4.9 (medium): Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS…
CVE-2026-32946 — CVSS 2.7 (low): Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, the Harden-Runner…