Signal

Two medium-severity egress policy bypass vulnerabilities found in Harden-Runner

Two medium-severity vulnerabilities (CVE-2026-32946 and CVE-2026-32947) have been disclosed in Harden-Runner (Community Tier). Both allow egress policy bypass: one via DNS over TCP and the other via DNS over HTTPS (DoH). These issues could enable unauthorized network traffic to circumvent established egress controls.

github

cveexploitssecurity_tooling

Evidence locked

Today's free sample is only available for the edition's flagship signal.

Back Unlock Pro

Evidence preview

GitHub Security Advisories
github.com
Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)
github_advisories